Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
owncloudPascal Junod – HEIG-VD (University of Applied Sciences Western Switzerland) – Vulnerability discovery and disclosure.OWNCLOUD:A26EA496B1DF1322DF1CBBFD2458EE73
HistoryAug 10, 2012 - 5:04 p.m.

Insufficiently random values - ownCloud

2012-08-1017:04:28
Pascal Junod – HEIG-VD (University of Applied Sciences Western Switzerland) – Vulnerability discovery and disclosure.
owncloud.org
27

0.014 Low

EPSS

Percentile

85.0%

JSON

The rand and mt_rand functions in PHP < 5.4.x do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in ownCloud 4.0.x.

Affected Software

  • ownCloud Server < 4.0.8 (CVE-2008-4107)

Action Taken

It is recommended that all instances are upgraded to ownCloud Server 4.0.8.

Acknowledgements

The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:

  • Pascal Junod - HEIG-VD (University of Applied Sciences Western Switzerland) - Vulnerability discovery and disclosure.
CPENameOperatorVersion
owncloud serverlt4.0.8

Related

owncloud 1
patchstack 1
freebsd 1
openvas 6
nessus 4
ubuntucve 2
debiancve 1
prion 2
cve 2
owncloud
owncloud
Server: Insufficiently random values
2012-08-10 11:42:22
patchstack
patchstack
WordPress <= 2.6.1 - SQL Truncation Vulnerability #1
2008-09-15 00:00:00
freebsd
freebsd
wordpress -- remote privilege escalation
2008-09-08 00:00:00
openvas
openvas
Fedora Update for wordpress FEDORA-2008-7760
2009-02-17 00:00:00
Fedora Update for wordpress FEDORA-2008-7902
2009-02-17 00:00:00
Fedora Update for wordpress FEDORA-2008-7760
2009-02-17 00:00:00
nessus
nessus
Fedora 8 : wordpress-2.6.2-1.fc8 (2008-7760)
2008-09-12 00:00:00
Fedora 9 : wordpress-2.6.2-1.fc9 (2008-7902)
2008-09-12 00:00:00
FreeBSD : wordpress -- remote privilege escalation (884fced7-7f1c-11dd-a66a-0019666436c2)
2008-09-10 00:00:00
ubuntucve
ubuntucve
CVE-2008-4106
2008-09-18 00:00:00
CVE-2008-4107
2008-09-18 00:00:00
debiancve
debiancve
CVE-2008-4106
2008-09-18 17:59:00
prion
prion
Sql injection
2008-09-18 17:59:00
Default credentials
2008-09-18 17:59:00
cve
cve
CVE-2008-4106
2008-09-18 17:59:00
CVE-2008-4107
2008-09-18 17:59:00

0.014 Low

EPSS

Percentile

85.0%

JSON
Related for OWNCLOUD:A26EA496B1DF1322DF1CBBFD2458EE73
owncloud1patchstack1freebsd1openvas6nessus4ubuntucve2debiancve1prion2cve2