CVE-2009-0662 Information

Description

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2 a product for Plone does not properly handle the login form which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.

Reference

http://osvdb.org/53975 http://plone.org/products/plone/security/advisories/cve-2009-0662 http://secunia.com/advisories/34840 http://www.securityfocus.com/bid/34664 https://exchange.xforce.ibmcloud.com/vulnerabilities/50061