Zope PluggableAuthService 'updateUser()' Method Denial Of Service Vulnerability

Zope PluggableAuthService is prone to a denial-of-service vulnerability.

An authenticated attacker can exploit this issue to reset their username to an existing username, resulting in a persistent denial-of-service condition for the victim user.

Versions prior to Zope PluggableAuthService 1.5.5, 1.6.5, and 1.7.5 are vulnerable.
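
The flaw described above comes down to a missing uniqueness check when a login name is changed. The following is an added example, not code from Zope PluggableAuthService: `ToyUserManager` and its method names are hypothetical, and the two-dictionary layout is an assumed simplification used to contrast an update without the check against one that rejects a login name already owned by another user.

```python
class ToyUserManager:
    """Simplified, hypothetical user store: user id <-> login name."""

    def __init__(self):
        self._userid_to_login = {}
        self._login_to_userid = {}

    def add_user(self, user_id, login_name):
        if user_id in self._userid_to_login or login_name in self._login_to_userid:
            raise KeyError("duplicate user id or login name")
        self._userid_to_login[user_id] = login_name
        self._login_to_userid[login_name] = user_id

    def resolve(self, login_name):
        return self._login_to_userid.get(login_name)

    def update_user_unchecked(self, user_id, login_name):
        # Flawed pattern: never asks whether login_name belongs to someone else.
        old_login = self._userid_to_login[user_id]
        del self._login_to_userid[old_login]
        self._userid_to_login[user_id] = login_name
        self._login_to_userid[login_name] = user_id  # overwrites the other user's entry

    def update_user_checked(self, user_id, login_name):
        old_login = self._userid_to_login[user_id]  # KeyError for an unknown user
        if login_name == old_login:
            return
        owner = self._login_to_userid.get(login_name)
        if owner is not None and owner != user_id:
            raise ValueError("login name already in use: %r" % login_name)
        del self._login_to_userid[old_login]
        self._userid_to_login[user_id] = login_name
        self._login_to_userid[login_name] = user_id

def demo():
    # Constructed sample accounts: u1/alice and u2/bob.
    unchecked = ToyUserManager()
    unchecked.add_user("u1", "alice")
    unchecked.add_user("u2", "bob")
    unchecked.update_user_unchecked("u2", "alice")
    lost = unchecked.resolve("alice")  # login "alice" no longer resolves to u1
    checked = ToyUserManager()
    checked.add_user("u1", "alice")
    checked.add_user("u2", "bob")
    try:
        checked.update_user_checked("u2", "alice")
        rejected = False
    except ValueError:
        rejected = True
    return lost, rejected, checked.resolve("alice")
```

In the unchecked store the original owner's login stays mapped to the other account until an administrator repairs the record, which is why the condition is persistent.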


 

Copyright 2010, SecurityFocus