Lucene search
HistoryJun 04, 2014 - 2:55 p.m.
CVE-2013-1941
owncloud
server
installation routine
vulnerability
postgresql
database
password
brute force
attack
cve-2013-1941
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.8 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.9%
The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack.
Affected configurations
Node
owncloudowncloudRange≤4.0.13
ORowncloudowncloudMatch4.0.0
ORowncloudowncloudMatch4.0.1
ORowncloudowncloudMatch4.0.2
ORowncloudowncloudMatch4.0.3
ORowncloudowncloudMatch4.0.4
ORowncloudowncloudMatch4.0.5
ORowncloudowncloudMatch4.0.6
ORowncloudowncloudMatch4.0.7
ORowncloudowncloudMatch4.0.8
ORowncloudowncloudMatch4.0.9
ORowncloudowncloudMatch4.0.10
ORowncloudowncloudMatch4.0.11
ORowncloudowncloudMatch4.0.12
Node
owncloudowncloudMatch4.5.0
ORowncloudowncloudMatch4.5.1
ORowncloudowncloudMatch4.5.2
ORowncloudowncloudMatch4.5.3
ORowncloudowncloudMatch4.5.4
ORowncloudowncloudMatch4.5.5
ORowncloudowncloudMatch4.5.6
ORowncloudowncloudMatch4.5.7
ORowncloudowncloudMatch4.5.8
Node
owncloudowncloudMatch5.0.0
ORowncloudowncloudMatch5.0.1
ORowncloudowncloudMatch5.0.2
ORowncloudowncloudMatch5.0.3
Related
cvelist
cvelist
CVE-2013-1941
2014-06-04 14:00:00
owncloud
owncloud
Server: Insecure database password generator
2013-04-11 11:42:22
Insecure database password generator - ownCloud
2013-04-11 17:57:48
ubuntucve
ubuntucve
CVE-2013-1941
2014-06-04 00:00:00
prion
prion
Design/Logic Flaw
2014-06-04 14:55:00
nvd
nvd
CVE-2013-1941
2014-06-04 14:55:03
openvas
openvas
ownCloud Multiple Vulnerabilities (oC-SA-2013-014, oC-SA-2013-015)
2014-07-03 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.8 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.9%
Related for CVE-2013-1941