Description
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
Remediation
References
Related Vulnerabilities
WordPress Plugin Disqus Comment System Multiple Vulnerabilities (2.75)
WordPress Plugin WP-Stats-Dashboard SQL Injection (2.9.4)
WordPress Plugin Poll, Survey, Form & Quiz Maker by OpinionStage Cross-Site Scripting (19.6.24)
WordPress Plugin WP Rollback Multiple Vulnerabilities (1.2.2)
Apache Tomcat Insertion of Sensitive Information into Log File Vulnerability (CVE-2026-34487)