CVE-2012-5607

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-12-18 01:55

Updated : 2024-02-28 12:00


NVD link : CVE-2012-5607

Mitre link : CVE-2012-5607

CVE.ORG link : CVE-2012-5607


JSON object : View

Products Affected

owncloud

  • owncloud
CWE
CWE-255

Credentials Management Errors