This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: zipfile extractall accepts wrong password
Type: security Stage: resolved
Components: Versions: Python 2.7
Status: closed Resolution: duplicate
Dependencies: Superseder: Zipfile sometimes considers a false password to be correct
View: 10876
Assigned To: Nosy List: benedictkwok, r.david.murray, vstinner
Priority: normal Keywords:

Created on 2013-06-04 20:24 by benedictkwok, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Messages (2)
msg190610 - (view) Author: Benedict Kwok (benedictkwok) Date: 2013-06-04 20:24
Steps to reproduce:
1) create a ssn.txt file with social security numbers of customers
2) create a zip file with a password: zip -P secret ssn ssn.txt
3) create a python script to extract the zipfile by:
except Exception, e:
      print e

This will extract the ssn.txt into the directory by using the right password "secret"different
4) However, by using a wrong password "proa"  this does not get the exception. Instead create a ssn.txt file which is corrupted.
5) Other wrong password will get the exception but not the one descripted in step 4.
msg190638 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2013-06-05 01:55
This is a duplicate of issue 10876.  According to that issue it is a bug in the zipfile format.
Date User Action Args
2022-04-11 14:57:46adminsetgithub: 62334
2013-06-05 01:55:55r.david.murraysetstatus: open -> closed

superseder: Zipfile sometimes considers a false password to be correct

nosy: + r.david.murray
messages: + msg190638
resolution: duplicate
stage: resolved
2013-06-04 20:37:23vstinnersetnosy: + vstinner
2013-06-04 20:24:26benedictkwokcreate