CVE-2005-4689 Information

Description

Six Apart Movable Type 3.16 stores account names and password hashes in a cookie which allows remote attackers to login to an account by sniffing the cookie.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html http://www.sixapart.com/movabletype/docs/3.2/h_changelog/3_2.html