Description

The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts.

Remediation

References

CVE-2017-5865

Related Vulnerabilities

WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.44)

MySQL CVE-2021-35625 Vulnerability (CVE-2021-35625)

WordPress Plugin Slider Hero with Animation, Video Background Unspecified Vulnerability (5.5.0)

WordPress Plugin uTubeVideo Gallery Cross-Site Scripting (2.0.7)

WordPress Plugin ContentStudio Multiple Vulnerabilities (1.2.5)

Severity

Low

Classification

CVE-2017-5865 CWE-200 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities