PT-2010-4425 · Zope · Zope-Ldapuserfolder
Sébastien Delafond
·
Publicado
2010-08-20
·
Atualizado
2010-08-23
·
CVE-2010-2944
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
zope-ldapuserfolder version 2.9-1
Description
The issue concerns the authenticate function in LDAPUserFolder/LDAPUserFolder.py, which fails to verify the password for the emergency account. This allows remote attackers to gain privileges.
Recommendations
For zope-ldapuserfolder version 2.9-1, consider disabling the emergency account or restricting its access until a patch is available to verify the password correctly.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Zope-Ldapuserfolder