Description
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
Remediation
References
Related Vulnerabilities
OpenSSL Cryptographic Issues Vulnerability (CVE-2014-3568)
WordPress Plugin H5P CSS Editor Cross-Site Scripting (1.0)
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25)
WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.9.63)
WordPress Plugin Calendar Event Multi View Cross-Site Scripting (1.3.99)