Description

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."

Remediation

References

CVE-2012-5607

Related Vulnerabilities

Oracle Database Server CVE-2009-1992 Vulnerability (CVE-2009-1992)

WordPress Plugin YouTube Gallery-Best YouTube Video Gallery Cross-Site Scripting (3.2.1)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43716)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4301)

WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2)

Severity

Medium

Classification

CVE-2012-5607

Tags

Missing Update Known Vulnerabilities