CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

EPSS: 0.002 Low (Percentile: 60.4%)

The “Lost Password” reset functionality in ownCloud before 4.0.9 and 4.5.0
does not properly check the security token, which allows remote attackers
to change an account's password via unspecified vectors related to a “Remote
Timing Attack.”

Author | Note |
---|---|
mdeslaur | owncloud packages in Ubuntu are now empty |
owncloud.org/security/advisories/oc-sa-2012-002/
www.openwall.com/lists/oss-security/2012/11/30
www.openwall.com/lists/oss-security/2012/11/30/2
launchpad.net/bugs/cve/CVE-2012-5607
nvd.nist.gov/vuln/detail/CVE-2012-5607
security-tracker.debian.org/tracker/CVE-2012-5607
www.cve.org/CVERecord?id=CVE-2012-5607