Description
The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Fastest Cache Cross-Site Request Forgery (0.8.3.4)
WordPress Plugin Facebook Like Box Cross-Site Request Forgery (2.8.2)
Ruby Double Free Vulnerability (CVE-2022-28738)
WordPress Plugin Slider by 10Web-Responsive Image Slider Cross-Site Request Forgery (1.2.22)
Oracle Database Server CVE-2006-0287 Vulnerability (CVE-2006-0287)