Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2012-5607
Last Modified 18 Dec 2012 12:00:00
Published 17 Dec 2012 08:55:07
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5607

Summary

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an account's password via unspecified vectors related to a "Remote Timing Attack."

Vulnerable Systems

Application

  • Owncloud 3.0.0
  • Owncloud 3.0.1
  • Owncloud 3.0.2
  • Owncloud 3.0.3
  • Owncloud 4.0.0
  • Owncloud 4.0.1
  • Owncloud 4.0.2
  • Owncloud 4.0.3
  • Owncloud 4.0.4
  • Owncloud 4.0.5
  • Owncloud 4.0.6
  • Owncloud 4.0.7
  • Owncloud 4.0.8
  • Owncloud 4.5.0


References

CONFIRM - https://github.com/owncloud/core/commit/99cd922

MLIST - [oss-security] 20121130 Re: CVE Request: owncloud

CONFIRM - http://owncloud.org/security/advisories/oc-sa-2012-002/

CONFIRM - http://owncloud.org/changelog/


Last Updated: 27 May 2016 11:01:28