Description

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

Remediation

References

CVE-2012-5507

Related Vulnerabilities

WordPress Plugin Block wp-login Cross-Site Request Forgery (1.3.0)

Apache HTTP Server CVE-2012-0053 Vulnerability (CVE-2012-0053)

Claroline Other Vulnerability (CVE-2006-5256)

Microsoft SQL Server Other Vulnerability (CVE-2001-0879)

WordPress Other Vulnerability (CVE-2007-1599)

Severity

Medium

Classification

CVE-2012-5507 CWE-362

Tags

Missing Update Known Vulnerabilities