Description

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

Remediation

References

CVE-2012-5507

Related Vulnerabilities

WordPress Plugin BackupBuddy Arbitrary File Download (8.7.4.1)

WordPress Plugin Helpie FAQ-WordPress FAQ Accordion Security Bypass (0.7)

PHP Numeric Errors Vulnerability (CVE-2011-0755)

WordPress Plugin Ajax Search Lite Remote Command Execution (3.1)

WordPress Plugin Images Lazyload and Slideshow Cross-Site Scripting (3.2)

Severity

Medium

Classification

CVE-2012-5507 CWE-362

Tags

Missing Update Known Vulnerabilities