Weak Password Requirements Affecting plone package, versions [4.3,4.3.20)[5.0,5.2.1)


Severity

Recommended
0.0
low
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.13% (49th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PYTHON-PLONE-543306
  • published27 Jan 2020
  • disclosed21 Jan 2020
  • creditBen Kummer

Introduced: 21 Jan 2020

CVE-2020-7940  (opens in a new tab)
CWE-521  (opens in a new tab)

How to fix?

Upgrade Plone to version 4.3.20, 5.2.1 or higher.

Overview

Plone is an user friendly and extensible Content Management System running on top of Python and Zope.

Affected versions of this package are vulnerable to Weak Password Requirements. Some forms that should have checked the strength of a password, did not do this. When registering anonymously, it was checked correctly. But the password reset form or the admin form for adding a new user missed this check.

CVSS Scores

version 3.1