CVE-2012-5507

CVE Database · CVE-2012-5507

CVE-2012-5507

· N/AModified

CVSS v3.1

N/A

EPSS

0.93%

Published

Sep 30, 2014

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

Weaknesses (CWE)

CWE-362

Affected Products (99)

zope · zopevulnerable

zope · zope

References (10)

http://www.openwall.com/lists/oss-security/2012/11/10/1

https://bugs.launchpad.net/zope2/+bug/1071067

https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

https://plone.org/products/plone-hotfix/releases/20121106

Patch

https://plone.org/products/plone/security/advisories/20121106/23

Vendor Advisory

http://www.openwall.com/lists/oss-security/2012/11/10/1

https://bugs.launchpad.net/zope2/+bug/1071067

https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

https://plone.org/products/plone-hotfix/releases/20121106

Patch

KEV Catalog EPSS Scores Vendors All CVEs