CVE-2010-2944

CVE Database · CVE-2010-2944

CVE-2010-2944

· N/AModified

CVSS v3.1

N/A

EPSS

1.34%

Published

Aug 20, 2010

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges.

Weaknesses (CWE)

CWE-287

Affected Products (1)

jens_vagelpohl · zope-ldapuserfoldervulnerable

References (8)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593466

Patch

http://secunia.com/advisories/41022

Vendor Advisory

http://www.openwall.com/lists/oss-security/2010/08/18/3

http://www.openwall.com/lists/oss-security/2010/08/19/7