oss-sec mailing list archives

Re: CVE request: zope-ldapuser

From: Josh Bressers <bressers () redhat com>
Date: Thu, 19 Aug 2010 15:53:29 -0400 (EDT)


----- "Sébastien Delafond" <seb () debian org> wrote:

Hi,

there is an authentication probleme in zope-ldapuser, where any
password
is accepted when attempting to log in as the emergency user (as
defined
in zpasswd.py). See Debian bug 593466[0] for the corresponding patch.


[0] http://bugs.debian.org/593466


The debian bug has lots more info.

Please use CVE-2010-2944

Thanks.

-- 
    JB

Current thread:

CVE request: zope-ldapuser Sébastien Delafond (Aug 18)
- Re: CVE request: zope-ldapuser Josh Bressers (Aug 19)