ownCloud Credentials Management Errors Vulnerability (CVE-2012-5607)

Description

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."

Remediation

References

CVE-2012-5607

Related Vulnerabilities

MySQL CVE-2012-1702 Vulnerability (CVE-2012-1702)

Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2019-3823)

WordPress Plugin AdRotate-Ad manager & AdSense Ads SQL Injection (5.2)

WordPress Plugin Sniplets Multiple Input Validation Vulnerabilities (1.2.2)

Resin Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2969)

Severity

Medium

Classification