Vulnerability Name: CCN-75042
Published: 2012-04-18
Updated: 2012-04-18
Summary: ownCloud could allow a remote attacker to bypass security restrictions, caused by the generation of predictable tokens for password resets by the index.php script. An attacker could exploit this vulnerability to reset the password of arbitrary users.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2 Temporal Severity: 4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C)
Vulnerability Consequences: Bypass Security
References:
- Source: CCN. Type: ownCloud Web site. ownCloud.org | Your Cloud, Your Data, Your Way!
- Source: CCN. Type: Packetstorm Security Website. Owncloud Account Overtake / File Upload Code Execution
- Source: CCN. Type: Full-Disclosure Mailing list, Thu, 19 Apr 2012 19:55:55 +0200. Weak password reset token & code exec in ownCloud 3.0.0
- Source: CCN. Type: SA48856. ownCloud Password Reset Vulnerability
- Source: CCN. Type: OSVDB ID: 81276. ownCloud Predictable Token Password Reset Weakness
- Source: CCN. Type: BID-53179. ownCloud Password Reset Security Bypass Vulnerability
- Source: XF. Type: UNKNOWN. owncloud-index-security-bypass(75042)
Vulnerable Configuration: Configuration CCN 1: