CVE-2012-6661

Advisory

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).

Affected package

Affected versions

Fixed versions

Vulnerability changelog

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6661
• https://plone.org/products/plone/security/advisories/20121106/24
• https://plone.org/products/plone-hotfix/releases/20121124
• https://bugs.launchpad.net/zope2/+bug/1071067
• http://www.openwall.com/lists/oss-security/2012/11/10/1
• https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt