2006-02-01 02:00:00
mitre
PUBLISHED
Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie.