Nidelven IT - All about Python, Zope & Plone - and Open Source!

Here you'll find issues related to our services. Mostly about Python, Zope and Plone, as well as hosting-related issues.

"Keeping IT real"


DoS discovered in Zope PAS

A denial-of-service vulnerability has been discovered in Zope's PAS module: a logged-in user can change their username to someone else's and, by doing so, deny the user with the other username authenticated access.

We don't see this bug being serious enough to warrant a patch as it isn't a privilege escalation, and we also believe it would affect a small share of our hosting customers.

[Permalink] [By morphex] [Zope instance management (Atom feed)] [2011 31 May 07:25 GMT+2]
