Lucene search

GoogleOSV:PYSEC-2014-75

HistorySep 30, 2014 - 2:55 p.m.

PYSEC-2014-75

2014-09-3014:55:00

Google

osv.dev

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

CPENameOperatorVersion
zope2eq2.12.5
zope2eq2.12.0b2
zope2eq2.13.14
zope2eq2.13.3
zope2eq2.12.0c1
zope2eq2.12.14
zope2eq2.12.7
zope2eq2.12.16
zope2eq2.12.27
zope2eq2.12.0a3

Name	Operator	Version
zope2	eq	2.12.5
zope2	eq	2.12.0b2
zope2	eq	2.13.14
zope2	eq	2.13.3
zope2	eq	2.12.0c1
zope2	eq	2.12.14
zope2	eq	2.12.7
zope2	eq	2.12.16
zope2	eq	2.12.27
zope2	eq	2.12.0a3

Rows per page:

1-10 of 631

References

www.openwall.com/lists/oss-security/2012/11/10/1

bugs.launchpad.net/zope2/+bug/1071067

github.com/advisories/GHSA-3qpr-7rmg-73v8

github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

plone.org/products/plone-hotfix/releases/20121106

plone.org/products/plone/security/advisories/20121106/23

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for OSV:PYSEC-2014-75