PYSEC-2014-49
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2014-49.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2014-49
- Aliases
-
- CVE-2012-5507
- GHSA-3qpr-7rmg-73v8
- PYSEC-2014-75
- Published
- 2014-09-30T14:55:00Z
- Modified
- 2023-11-01T04:44:52.714601Z
- Summary
- [none]
- Details
-
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
- References
-
- http://www.openwall.com/lists/oss-security/2012/11/10/1
- https://plone.org/products/plone/security/advisories/20121106/23
- https://bugs.launchpad.net/zope2/+bug/1071067
- https://plone.org/products/plone-hotfix/releases/20121106
- https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- https://github.com/advisories/GHSA-3qpr-7rmg-73v8
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.2.3Introduced4.3a0Fixed4.3b1
Affected versions
3.*
3.2a1
3.2rc1
3.2
3.2.1
3.2.2
3.2.3
3.3b1
3.3rc1
3.3rc2
3.3rc3
3.3rc4
3.3rc5
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.2
4.2.1
4.2.2
4.3a1
4.3a2