Description

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

Remediation

References

CVE-2012-5507

Related Vulnerabilities

MediaWiki Improper Input Validation Vulnerability (CVE-2017-8811)

MySQL CVE-2014-6489 Vulnerability (CVE-2014-6489)

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1057)

MySQL Other Vulnerability (CVE-2007-5970)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4408)

Severity

Medium

Classification

CVE-2012-5507 CWE-362

Tags

Missing Update Known Vulnerabilities