CVE-2010-2944

zope-ldapuserfolder <2.9-1 - Privilege Escalation

Title source: llm

Description

The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges.

Scores

EPSS 0.0054
EPSS Percentile 67.3%

Classification

CWE
CWE-287
Status draft

Affected Products (1)

jens_vagelpohl/zope-ldapuserfolder

Timeline

Published Aug 20, 2010
Tracked Since Feb 18, 2026