Description
Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
References (4)
Scores
CVSS v3
7.5
EPSS
0.0034
EPSS Percentile
56.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-521
Status
published
Products (2)
plone/plone
4.3.0 - 5.2.0
pypi/Plone
4.3 - 4.3.20 (PyPI)
Published
Jan 23, 2020
Tracked Since
Feb 18, 2026