First published: Fri Mar 03 2017(Updated: )
The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ownCloud ownCloud | <=8.1.10 | |
ownCloud ownCloud | =8.2.2 | |
ownCloud ownCloud | =8.2.3 | |
ownCloud ownCloud | =8.2.4 | |
ownCloud ownCloud | =8.2.5 | |
ownCloud ownCloud | =8.2.6 | |
ownCloud ownCloud | =8.2.7 | |
ownCloud ownCloud | =8.2.8 | |
ownCloud ownCloud | =9.0.0 | |
ownCloud ownCloud | =9.0.1 | |
ownCloud ownCloud | =9.0.2 | |
ownCloud ownCloud | =9.0.3 | |
ownCloud ownCloud | =9.0.4 | |
ownCloud ownCloud | =9.0.5 | |
ownCloud ownCloud | =9.0.6 | |
ownCloud ownCloud | =9.1.0 | |
ownCloud ownCloud | =9.1.1 | |
ownCloud ownCloud | =9.1.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.