Description

The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts.

Remediation

References

CVE-2017-5865

Related Vulnerabilities

WordPress Plugin WordPress Popular Posts Cross-Site Scripting (5.3.5)

WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Security Bypass (9.0)

WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (1.9.1)

Oracle Database Server CVE-2007-5510 Vulnerability (CVE-2007-5510)

Joomla! Core 1.0.5 Security Bypass (1.0.5)

Severity

Low

Classification

CVE-2017-5865 CWE-200 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities