Red Hat Bugzilla – Bug 497493
CVE-2009-0662 plone: authentication flaw in login form
Last modified: 2010-04-26 23:58:54 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0662 to the following vulnerability:
Quoting upstream security advisory:
Karen Chan of Isotoma Limited found a bug in the login form
handling of Plone 3.x. An already authenticated user could
exploit this error and assume the identity of another user.
Affected version (from upstream advisory):
All Plone 3.x releases are affected.
Plone 2.5 and earlier releases are not affected.
Created attachment 341134
Plone currently only seems to be shipped in EPEL5; no other Fedora version has Plone at the moment.