Red Hat Bugzilla – Bug 209163
CVE-2006-4247: plone password reset vulnerability
Last modified: 2007-11-30 17:11:45 EST
Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5
and 2.5.1 Release Candidate allows attackers to reset the passwords of other
users, related to "an erroneous security declaration."
According to info in upstream advisory, 2.5* (FC-5 and devel) are affected,
2.1.* (FC-3 and FC-4) not.
Fixed and updated, thanks