CVE-2012-5607

Published December 18th, 2012

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."

owncloud/core

:cloud: ownCloud web server core (Files, DAV, etc.)

GitHub

8.79K