Description

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

Remediation

References

CVE-2012-5507

Related Vulnerabilities

WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads Multiple Vulnerabilities (2.2.4)

WordPress Plugin JSON API User Privilege Escalation (3.9.3)

Nginx Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9516)

WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)

WordPress Plugin Product Catalog PHP Object Injection (4.2.25)

Severity

Medium

Classification

CVE-2012-5507 CWE-362

Tags

Missing Update Known Vulnerabilities