CVE-2020-7940

EUVD-2020-0147
Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
ploneplone
4.3.0 ≤
𝑥
≤ 5.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2020/01/24/1
https://plone.org/security/hotfix/20200121
https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked
https://www.openwall.com/lists/oss-security/2020/01/22/1
http://www.openwall.com/lists/oss-security/2020/01/24/1
https://plone.org/security/hotfix/20200121
https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked
https://www.openwall.com/lists/oss-security/2020/01/22/1