Description

The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts.

Remediation

References

CVE-2017-5865

Related Vulnerabilities

Oracle Database Server Other Vulnerability (CVE-2005-3437)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.34)

Apache Tomcat CVE-2020-0822 Vulnerability (CVE-2020-0822)

WordPress Plugin Intuitive Custom Post Order Multiple Vulnerabilities (3.1.3)

Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4466)

Severity

Low

Classification

CVE-2017-5865 CWE-200 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities