The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges.
CPE | Name | Operator | Version |
---|---|---|---|
zope-ldapuserfolder | eq | 2.9.1 |