CVE-2013-2047
First published: Fri Mar 14 2014(Updated: )
The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ownCloud | <=5.0.5 | |
| ownCloud | =5.0.0 | |
| ownCloud | =5.0.1 | |
| ownCloud | =5.0.2 | |
| ownCloud | =5.0.3 | |
| ownCloud | =5.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2013-2047?
CVE-2013-2047 is classified as a medium severity vulnerability due to the risk of password disclosure to physically proximate attackers.
How do I fix CVE-2013-2047?
To fix CVE-2013-2047, upgrade to ownCloud version 5.0.6 or later, which disables autocomplete for the password field.
Which versions of ownCloud are affected by CVE-2013-2047?
CVE-2013-2047 affects ownCloud versions before 5.0.6, including versions 5.0.0 to 5.0.5.
What type of attack does CVE-2013-2047 expose users to?
CVE-2013-2047 exposes users to potential password guessing attacks by allowing password autocomplete on the login page.
Is CVE-2013-2047 a remote or local vulnerability?
CVE-2013-2047 is considered a local vulnerability since it requires physical proximity to the target system to exploit.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/owncloud
- canonical/owncloud
- version/owncloud/5.0.5
- version/owncloud/5.0.0
- version/owncloud/5.0.1
- version/owncloud/5.0.2
- version/owncloud/5.0.3
- version/owncloud/5.0.4