[New-bugs-announce] [issue18134] zipfile extractall accepts wrong password
Benedict Kwok
report at bugs.python.org
Tue Jun 4 22:24:26 CEST 2013
New submission from Benedict Kwok:
Steps to reproduce:
1) create a ssn.txt file with social security numbers of customers
2) create a zip file with a password: zip -P secret ssn ssn.txt
3) create a python script to extract the zipfile by:
import=zipfile
zFile=zipfile.ZipFile("ssn.zip")
try:
zFile.extractall(pwd="secret")
except Exception, e:
print e
This will extract the ssn.txt into the directory by using the right password "secret"different
4) However, by using a wrong password "proa" this does not get the exception. Instead create a ssn.txt file which is corrupted.
5) Other wrong password will get the exception but not the one descripted in step 4.
----------
messages: 190610
nosy: benedictkwok
priority: normal
severity: normal
status: open
title: zipfile extractall accepts wrong password
type: security
versions: Python 2.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue18134>
_______________________________________
More information about the New-bugs-announce
mailing list