Lucene search
Thorsten – Vulnerability discovery and disclosure.OWNCLOUD:9154595CA46A32D4442D2EC4ED0E76E9HistoryFeb 02, 2017 - 11:35 a.m.
User enumeration with error messages - ownCloud
2017-02-0211:35:21
Thorsten – Vulnerability discovery and disclosure.
owncloud.org
540
0.001 Low
EPSS
Percentile
46.6%
This issue occurs at sending a password reset E-Mail, where a difference in error messages could allow an attacker to determine if the username is valid or not
Affected Software
- ownCloud Server < 9.1.3 (CVE-2017-5865)
- ownCloud Server < 9.0.7 (CVE-2017-5865)
- ownCloud Server < 8.2.9 (CVE-2017-5865)
- ownCloud Server < 8.1.11 (CVE-2017-5865)
Action Taken
Hide sensitive information in error messages
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 9.0.7 | |
| owncloud server | lt | 8.2.9 | |
| owncloud server | lt | 9.1.3 | |
| owncloud server | lt | 8.1.11 |
Related
prion
prion
Authentication flaw
2017-03-03 15:59:00
osv
osv
CVE-2017-5865
2017-03-03 15:59:01
ubuntucve
ubuntucve
CVE-2017-5865
2017-03-03 00:00:00
cve
cve
CVE-2017-5865
2017-03-03 15:59:01
cvelist
cvelist
CVE-2017-5865
2017-03-03 15:00:00
nvd
nvd
CVE-2017-5865
2017-03-03 15:59:01
owncloud
owncloud
Server: User enumeration with error messages
2017-02-02 08:46:29
openvas
openvas
ownCloud Multiple Vulnerabilities (Feb 2017) - Linux
2017-02-08 00:00:00
ownCloud Multiple Vulnerabilities (Feb 2017) - Windows
2017-02-08 00:00:00