Description

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

Remediation

References

CVE-2012-5507

Related Vulnerabilities

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2015-7501)

MySQL CVE-2020-14799 Vulnerability (CVE-2020-14799)

WordPress Plugin Reusable Blocks Extended Cross-Site Request Forgery (0.9)

WebLogic Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-22965)

Ruby on Rails Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-4111)

Severity

Medium

Classification

CVE-2012-5507 CWE-362

Tags

Missing Update Known Vulnerabilities