New submission from Benedict Kwok:
Steps to reproduce:
1) create a ssn.txt file with social security numbers of customers
2) create a zip file with a password: zip -P secret ssn ssn.txt
3) create a python script to extract the zipfile by:
import=zipfile
zFile=zipfile.ZipFile("ssn.zip")
try:
zFile.extractall(pwd="secret")
except Exception, e:
print e
This will extract the ssn.txt into the directory by using the right password
"secret"different
4) However, by using a wrong password "proa" this does not get the exception.
Instead create a ssn.txt file which is corrupted.
5) Other wrong password will get the exception but not the one descripted in
step 4.
----------
messages: 190610
nosy: benedictkwok
priority: normal
severity: normal
status: open
title: zipfile extractall accepts wrong password
type: security
versions: Python 2.7
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue18134>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
