Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2096-1
HistoryAug 24, 2010 - 12:00 a.m.

zope-ldapuserfolder - authentication

2010-08-2400:00:00
Google
osv.dev
10

EPSS

0.008

Percentile

81.8%

JSON

Jeremy James discovered that in LDAPUserFolder, a Zope extension
used to authenticate against an LDAP server, the authentication code
does not verify the password provided for the emergency user. Malicious
users that manage to get the emergency user login can use this flaw to
gain administrative access to the Zope instance, by providing an
arbitrary password.

For the stable distribution (lenny), this problem has been fixed in
version 2.9-1+lenny1.

The package no longer exists in the upcoming stable distribution
(squeeze) or the unstable distribution.

We recommend that you upgrade your zope-ldapuserfolder package.

Related

openvas 2
cvelist 1
nvd 1
prion 1
debian 1
ubuntucve 1
nessus 1
cve 1
openvas
openvas
Debian Security Advisory DSA 2096-1 (zope-ldapuserfolder)
2010-10-10 00:00:00
Debian: Security Advisory (DSA-2096-1)
2010-10-10 00:00:00
cvelist
cvelist
CVE-2010-2944
2010-08-20 19:00:00
nvd
nvd
CVE-2010-2944
2010-08-20 20:00:02
prion
prion
Default credentials
2010-08-20 20:00:00
debian
debian
[SECURITY] [DSA 2096-1] New zope-ldapuserfolder packages fix authentication bypass
2010-08-24 20:54:59
ubuntucve
ubuntucve
CVE-2010-2944
2010-08-20 00:00:00
nessus
nessus
Debian DSA-2096-1 : zope-ldapuserfolder - missing input validation
2010-08-27 00:00:00
cve
cve
CVE-2010-2944
2010-08-20 20:00:02

EPSS

0.008

Percentile

81.8%

JSON
Related for OSV:DSA-2096-1
openvas2cvelist1nvd1prion1debian1ubuntucve1nessus1cve1