PYSEC-2014-75
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/zope2/PYSEC-2014-75.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2014-75
- Aliases
-
- CVE-2012-5507
- GHSA-3qpr-7rmg-73v8
- PYSEC-2014-49
- Published
- 2014-09-30T14:55:00Z
- Modified
- 2023-11-08T03:57:09.787903Z
- Summary
- [none]
- Details
-
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
- References
-
- http://www.openwall.com/lists/oss-security/2012/11/10/1
- https://plone.org/products/plone/security/advisories/20121106/23
- https://bugs.launchpad.net/zope2/+bug/1071067
- https://plone.org/products/plone-hotfix/releases/20121106
- https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- https://github.com/advisories/GHSA-3qpr-7rmg-73v8
Affected packages
PyPI / zope2
Package
- Name
- zope2
- View open source insights on deps.dev
- Purl
- pkg:pypi/zope2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.13.19
Affected versions
2.*
2.12.0.a1
2.12.0a2
2.12.0a3
2.12.0a4
2.12.0b1
2.12.0b2
2.12.0b3
2.12.0b4
2.12.0c1
2.12.0
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.12.6
2.12.7
2.12.8
2.12.9
2.12.10
2.12.11
2.12.12
2.12.13
2.12.14
2.12.15
2.12.16
2.12.17
2.12.18
2.12.19
2.12.20
2.12.21
2.12.22
2.12.23
2.12.24
2.12.25
2.12.26
2.12.27
2.12.28
2.13.0a1
2.13.0a2
2.13.0a3
2.13.0a4
2.13.0b1
2.13.0c1
2.13.0
2.13.1
2.13.2
2.13.3
2.13.4
2.13.5
2.13.6
2.13.7
2.13.8
2.13.9
2.13.10
2.13.11
2.13.12
2.13.13
2.13.14
2.13.15
2.13.16
2.13.17
2.13.18