Sébastien Delafond

**Name of the Vulnerable Software and Affected Versions** zope-ldapuserfolder version 2.9-1 **Description** The issue concerns the authenticate function in LDAPUserFolder/LDAPUserFolder.py, which fails to verify the password for the emergency account. This allows remote attackers to gain privileges. **Recommendations** For zope-ldapuserfolder version 2.9-1, consider disabling the emergency account or restricting its access until a patch is available to verify the password correctly.