Description
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
Remediation
References
Related Vulnerabilities
WordPress Plugin PhotoSmash Galleries Arbitrary File Upload (1.0.7)
WordPress Plugin Simple Behance Portfolio Cross-Site Scripting (0.2)
PHP NULL Pointer Dereference Vulnerability (CVE-2016-7130)
Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-1402)
WordPress Plugin Form Store to DB Unspecified Vulnerability (1.1.0)