Design/Logic Flaw
The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG...
CVE-2012-6661
CVE-2012-6661 affects Zope before 2.13.19 as used in Plone before 4.2.3 and in 4.3 before beta 1, where the PRNG is not reseeded, allowing remote attackers to guess random numbers via unspecified vectors. The issue was split from CVE-2012-5508 (ADT2). Public references indicate remediation by upg...