Description

The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password.

Remediation

References

CVE-2013-2047

Related Vulnerabilities

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1154)

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-5003)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2165)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0825)

WordPress Plugin Related Posts by Zemanta Cross-Site Request Forgery (1.3.1)

Severity

Low

Classification

CVE-2013-2047 CWE-264

Tags

Missing Update Known Vulnerabilities