Why can't I login to my Plone sites?

See plone.org for the announcement.

If you have started having problems logging in to your sites startin Monday or Tuesday (7th/8th of February 2011), there is a good reason for this.

We have been notified by the Plone team that there is a serious security problem with the Plone authentication system. The only way to avoid that problem is to disable the authentication system. There is a fix available as a Plone product (we assume), which can be installed by you, your technical people if they know Zope and Plone, or us.

We charge 100 USD for each Zope/Plone instance that gets the fix installed by us. If you have a paid support plan or other arrangements with us, we will install the fix when we can, as soon as it has been released. Customers with prior arrangements will the prioritized.

We chose to disable logins for all customers. This security issue is a serious issue which could in combination with other exploits, compromise your entire site, as well as the visitors to your site.

On a side note, we commend the Plone security team for making workarounds possible, as well as giving ample time to prepare for installing patches.