CVE-2020-7940: Plone allows weak passwords
Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking.
References
- github.com/advisories/GHSA-cw58-gpgw-hwx2
- github.com/plone/Plone
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-89.yaml
- nvd.nist.gov/vuln/detail/CVE-2020-7940
- plone.org/security/hotfix/20200121
- plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked
- www.openwall.com/lists/oss-security/2020/01/22/1