Description

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

Remediation

References

CVE-2012-5507

Related Vulnerabilities

WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.3.13.727)

datatables Cross-site Scripting (XSS) Vulnerability (CVE-2015-6584)

PHP Improper Input Validation Vulnerability (CVE-2007-0908)

WordPress Plugin YITH WooCommerce Zoom Magnifier Cross-Site Scripting (1.2.6)

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-15041)

Severity

Medium

Classification

CVE-2012-5507 CWE-362

Tags

Missing Update Known Vulnerabilities