Lucene search
HistoryMar 14, 2014 - 4:55 p.m.
CVE-2013-2047
cve-2013-2047
owncloud
login page
autocomplete
password security
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
6.6 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
43.4%
The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password.
Affected configurations
Node
owncloudowncloudRange≤5.0.5
ORowncloudowncloudMatch5.0.0
ORowncloudowncloudMatch5.0.1
ORowncloudowncloudMatch5.0.2
ORowncloudowncloudMatch5.0.3
ORowncloudowncloudMatch5.0.4
Related
cvelist
cvelist
CVE-2013-2047
2014-03-14 16:00:00
ubuntucve
ubuntucve
CVE-2013-2047
2014-03-14 00:00:00
nvd
nvd
CVE-2013-2047
2014-03-14 16:55:05
owncloud
owncloud
Server: Password autocompletion
2013-05-14 11:42:22
Password autocompletion - ownCloud
2013-05-14 18:11:06
prion
prion
Default credentials
2014-03-14 16:55:00
openvas
openvas
ownCloud Multiple Vulnerabilities - 01 (May 2014)
2014-05-06 00:00:00
freebsd
freebsd
owncloud -- Multiple security vulnerabilities
2013-05-14 00:00:00
nessus
nessus
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
6.6 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
43.4%
Related for CVE-2013-2047