Description

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

Remediation

References

CVE-2012-5507

Related Vulnerabilities

Sqlite Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6589)

MySQL CVE-2014-6505 Vulnerability (CVE-2014-6505)

WordPress Plugin Accordion Cross-Site Scripting (2.2.29)

WordPress Plugin Youzify-BuddyPress Community, User Profile, Social Network & Membership for WordPress SQL Injection (1.2.5)

Jboss EAP Improper Input Validation Vulnerability (CVE-2011-4314)

Severity

Medium

Classification

CVE-2012-5507 CWE-362

Tags

Missing Update Known Vulnerabilities