Description
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2008-1814 Vulnerability (CVE-2008-1814)
SharePoint CVE-2020-1583 Vulnerability (CVE-2020-1583)
Drupal Improper Input Validation Vulnerability (CVE-2019-6339)
MySQL CVE-2016-0606 Vulnerability (CVE-2016-0606)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7853)