CVE-2005-4689

CVE-2005-4689

EPSS 1.2%

Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html http://www.sixapart.com/movabletype/docs/3.2/h_changelog/3_2.html