DoS discovered in Zope PAS
A Denial-of-Service has been discovered in Zope's PAS module:https://bugs.launchpad.net/zope-pas/+bug/789858
Where a logged-in user can change their username to someone else's and by doing so, deny the user with the other username authenticated access.
We don't see this bug being serious enough to warrant a patch as it isn't a privilege escalation, and we also believe it would affect a small share of our hosting customers.
[Permalink] [By morphex] [Zope instance management (Atom feed)] [2011 31 May 07:25 GMT+2]