Red Hat Bugzilla – Bug 978480
CVE-2013-4198 plone: Authenticated users able to alter their password despite policy definition / setting prohibiting it (mail_password.py)
Last modified: 2015-08-22 11:59:54 EDT
A security flaw was found in the way Plone, a user-friendly and powerful content management system, restricted access to password change for unauthorized users. If the policy definition did not allow the Plone user in question to change their password, they (previously) could still reset / change the password via the forgotten password email functionality.
The CVE identifier of CVE-2013-4198 has been assigned to this issue:
Created plone tracking bugs for this issue:
Affects: epel-5 [bug 991015]
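
The flaw described in this report, as an added sketch that is not Plone's code and not part of the original report: a toy service in which the e-mailed reset route either skips or shares the policy check used by the direct password change, with an audit helper that lists accounts for which the two routes disagree. All names (`PasswordService`, `SET_OWN_PASSWORD`, the sample users) are hypothetical.

```python
import secrets

# Hypothetical permission name for this sketch; not taken from Plone's code.
SET_OWN_PASSWORD = "set-own-password"

class User:
    def __init__(self, login, permissions):
        self.login = login
        self.permissions = frozenset(permissions)

class PasswordService:
    """Toy model with two routes to a new password: direct change and e-mailed reset."""

    def __init__(self, users, enforce_policy_on_reset):
        self.users = {u.login: u for u in users}
        self.enforce_policy_on_reset = enforce_policy_on_reset
        self.outbox = []  # (login, token) pairs standing in for sent reset mail

    def _may_set_password(self, user):
        return SET_OWN_PASSWORD in user.permissions

    def change_password(self, login):
        # The direct route honours the policy; returns whether it is allowed.
        return self._may_set_password(self.users[login])

    def mail_password(self, login):
        user = self.users.get(login)
        if user is None:
            return False
        # With enforce_policy_on_reset=False this models the flawed behaviour:
        # the reset route never consults the policy the direct route enforces.
        if self.enforce_policy_on_reset and not self._may_set_password(user):
            return False
        self.outbox.append((login, secrets.token_urlsafe(16)))
        return True

def audit_reset_route(service):
    """Return logins denied a direct change that still receive a reset mail."""
    bypass = []
    for login in sorted(service.users):
        if not service.change_password(login) and service.mail_password(login):
            bypass.append(login)
    return bypass

# Constructed sample accounts: one allowed to set a password, one not.
USERS = [User("alice", {SET_OWN_PASSWORD}), User("kiosk", set())]

if __name__ == "__main__":
    print("flawed:", audit_reset_route(PasswordService(USERS, False)))
    print("fixed: ", audit_reset_route(PasswordService(USERS, True)))
```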