7.5

CVE-2020-7940

Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PlonePlone Version >= 4.3.0 <= 5.2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.25% 0.656
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-521 Weak Password Requirements

The product does not require that users should have strong passwords.

http://www.openwall.com/lists/oss-security/2020/01/24/1
Third Party Advisory
https://plone.org/security/hotfix/20200121
Vendor Advisory
https://www.openwall.com/lists/oss-security/2020/01/22/1
Third Party Advisory
Mailing List
https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked
Vendor Advisory