[Bug 209163] New: CVE-2006-4247: plone password reset vulnerability

Tue Oct 3 17:39:28 UTC 2006

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209163

           Summary: CVE-2006-4247: plone password reset vulnerability
           Product: Fedora Extras
           Version: fc5
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: high
          Priority: urgent
         Component: plone
        AssignedTo: gauret at free.fr
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: extras-qa at fedoraproject.org,fedora-security-
                    list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4247

Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 
and 2.5.1 Release Candidate allows attackers to reset the passwords of other 
users, related to "an erroneous security declaration."

According to info in upstream advisory, 2.5* (FC-5 and devel) are affected, 
2.1.* (FC-3 and FC-4) not.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.