Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-5507

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

Related bugs and status

CVE-2012-5507 (Candidate) is related to these bugs:

Bug #1071067: Improper use of random module

Summary				In	Importance	Status
	1071067	Improper use of random module		Zope 2	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.openwall.co...
MISC: https://bugs.launchpad...
MISC: https://github.com/plo...
MISC: https://plone.org/prod...
MISC: https://plone.org/prod...