CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
36.5%
The login page (aka index.php) in ownCloud before 5.0.6 does not disable
the autocomplete setting for the password parameter, which makes it easier
for physically proximate attackers to guess the password.
Author | Note |
---|---|
jdstrand | per upstream, 5.0 only |