Description
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
Remediation
References
Related Vulnerabilities
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5382)
Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-7943)
Drupal Core 7.x Directory Traversal (7.0 - 7.81)
WebLogic CVE-2021-1996 Vulnerability (CVE-2021-1996)
Piwigo Improper Access Control Vulnerability (CVE-2016-10514)