VYPR
High severity · NVD Advisory · Published Sep 30, 2014 · Updated Jun 16, 2026

CVE-2012-5507

Description

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| Zope2 (PyPI) | < 2.13.19 | 2.13.19 |
| Plone (PyPI) | >= 3.2.2, < 4.2.3 | 4.2.3 |
| Plone (PyPI) | >= 4.3a1, < 4.3b1 | 4.3b1 |

Affected products

101
  • cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:* (+ 71 more)
    • cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:* (range: <=4.2.2)
    • cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*
    • cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*
  • Zope/Zope: 27 versions
    • cpe:2.3:a:zope:zope:2.10.3:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.10.8:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.11.3:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.13.18:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.8.8:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.9.5:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.9.6:*:*:*:*:*:*:*
    • cpe:2.3:a:zope:zope:2.9.7:*:*:*:*:*:*:*
  • ghsa-coords: 2 versions
    • (no CPE) range: >= 3.2.2, < 4.2.3
    • (no CPE) range: < 2.13.19
