oss-sec mailing list archives
Re: CVE request: zope-ldapuser
From: Josh Bressers <bressers () redhat com>
Date: Thu, 19 Aug 2010 15:53:29 -0400 (EDT)
----- "Sébastien Delafond" <seb () debian org> wrote:
Hi, there is an authentication probleme in zope-ldapuser, where any password is accepted when attempting to log in as the emergency user (as defined in zpasswd.py). See Debian bug 593466[0] for the corresponding patch. [0] http://bugs.debian.org/593466
The debian bug has lots more info. Please use CVE-2010-2944 Thanks. -- JB
Current thread:
- CVE request: zope-ldapuser Sébastien Delafond (Aug 18)
- Re: CVE request: zope-ldapuser Josh Bressers (Aug 19)