Описание
The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [5.0.4debian-0ubuntu1]] |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | ignored | end of life |
| precise | not-affected | |
| quantal | released | 4.0.8debian-1.1ubuntu0.1 |
| raring | not-affected | 5.0.4debian-0ubuntu1 |
| saucy | not-affected | 5.0.4debian-0ubuntu1 |
| trusty | not-affected | 5.0.4debian-0ubuntu1 |
Показывать по
5 Medium
CVSS2
Связанные уязвимости
The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."
The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4 ...
The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."
5 Medium
CVSS2