Description
Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://plone.org/security/hotfix/20200121
Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2020/01/22/1
Vendor Advisory x_refsource_misc
https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked
Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/01/24/1
Scores
CVSS v3
7.5
EPSS
0.0125
EPSS Percentile
65.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-521
Status
published
Products (2)
plone/plone
4.3.0 - 5.2.0
pypi/Plone
4.3 - 4.3.20PyPI
Published
Jan 23, 2020
Tracked Since
Feb 18, 2026