Description
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
Remediation
References
Related Vulnerabilities
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.2)
WordPress Plugin Advanced File Manager Directory Traversal (5.1)
WordPress Plugin Flog Server-Side Request Forgery (1.0beta3)
phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-1285)
WordPress Plugin PHP Everywhere Multiple Remote Code Execution Vulnerabilities (2.0.3)