CVE-2012-5607

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:44

Type Values Removed Values Added
References () http://owncloud.org/changelog/ - () http://owncloud.org/changelog/ -
References () http://owncloud.org/security/advisories/oc-sa-2012-002/ - Patch, Vendor Advisory () http://owncloud.org/security/advisories/oc-sa-2012-002/ - Patch, Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2012/11/30/3 - Patch () http://www.openwall.com/lists/oss-security/2012/11/30/3 - Patch
References () https://github.com/owncloud/core/commit/99cd922 - Patch () https://github.com/owncloud/core/commit/99cd922 - Patch

Information

Published : 2012-12-18 01:55

Updated : 2024-11-21 01:44


NVD link : CVE-2012-5607

Mitre link : CVE-2012-5607

CVE.ORG link : CVE-2012-5607


JSON object : View

Products Affected

owncloud

  • owncloud
CWE
CWE-255

Credentials Management Errors