Zope Failed Login Information Disclosure Vulnerability

info
discussion
exploit
solution
references

Zope Failed Login Information Disclosure Vulnerability

Zope is prone to a vulnerability which may cause sensitive information to be disclosed to remote attackers.

Reportedly, Zope will disclose path information if a user hits 'Cancel' after a failed login attempt to the management interface.

This type of information may be useful in further attacks against the host.