This issue occurs when sending a password reset e-mail: a difference in the error messages could allow an attacker to determine whether a username is valid.
Hide sensitive information in error messages
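
As an added illustration (not ownCloud's code), the Python sketch below contrasts a password reset handler whose responses differ by account state with one that always returns the same response, plus a regression check that compares the two. The account table, status codes, messages and function names are assumptions made for the example.

```python
# Added illustration, not ownCloud code. Accounts, messages and function
# names are constructed assumptions.
USERS = {"alice": "alice@example.org", "bob": None}  # bob has no e-mail on file

GENERIC = (200, "If the account exists, a reset link has been sent to its e-mail address.")


def reset_leaky(username, outbox):
    """'Before' behaviour: every failure mode gets its own response."""
    if username not in USERS:
        return (404, "Unknown username.")
    if USERS[username] is None:
        return (400, "No e-mail address is stored for this username.")
    outbox.append(USERS[username])
    return (200, "A reset link has been sent.")


def reset_uniform(username, outbox):
    """Hardened behaviour: only the side effect differs, never the response."""
    email = USERS.get(username)
    if email is not None:
        outbox.append(email)  # mail is queued only for a real, reachable account
    return GENERIC


def leaks_account_state(handler, usernames):
    """Regression check: True if responses differ across the probed usernames."""
    responses = {handler(name, []) for name in usernames}
    return len(responses) > 1


if __name__ == "__main__":
    probes = ["alice", "bob", "no-such-user"]  # constructed: valid, no e-mail, unknown
    print("leaky handler distinguishable:  ", leaks_account_state(reset_leaky, probes))
    print("uniform handler distinguishable:", leaks_account_state(reset_uniform, probes))
```

The check compares status code and message only; response time can leak the same information and is not modelled here.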
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
| CPE | Name | Operator | Version |
|---|---|---|---|
| | owncloud server | lt | 9.0.7 |
| | owncloud server | lt | 8.2.9 |
| | owncloud server | lt | 9.1.3 |
| | owncloud server | lt | 8.1.11 |