PT-2006-5061 · Plone Foundation · Password Reset Tool, Plone

Published 2006-09-29 · Updated 2022-05-01 · CVE-2006-4247

CVSS v4.0: 8.0 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

Name of the Vulnerable Software and Affected Versions

Plone versions 2.5 through 2.5.1 Release Candidate
Password Reset Tool version 0.4.1 and earlier

Description

The issue stems from an erroneous security declaration in the Password Reset Tool, which allows attackers to reset the passwords of other users.

Recommendations

For Plone versions 2.5 through 2.5.1 Release Candidate, update the Password Reset Tool to version 0.4.1 or later. For Password Reset Tool version 0.4.1 and earlier, update to version 0.4.1 or later.

Related Identifiers

CVE-2006-4247
GHSA-5HCH-V5PQ-X4QP
PYSEC-2006-5
PYSEC-2006-9

Affected Products

Password Reset Tool
Plone