{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The \"Lost Password\" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a \"Remote Timing Attack.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-12-18T01:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://owncloud.org/security/advisories/oc-sa-2012-002/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/owncloud/core/commit/99cd922"}, {"name": "[oss-security] 20121130 Re: CVE Request: owncloud", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://owncloud.org/changelog/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5607", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The \"Lost Password\" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a \"Remote Timing Attack.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://owncloud.org/security/advisories/oc-sa-2012-002/", "refsource": "CONFIRM", "url": "http://owncloud.org/security/advisories/oc-sa-2012-002/"}, {"name": "https://github.com/owncloud/core/commit/99cd922", "refsource": "CONFIRM", "url": "https://github.com/owncloud/core/commit/99cd922"}, {"name": "[oss-security] 20121130 Re: CVE Request: owncloud", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"}, {"name": "http://owncloud.org/changelog/", "refsource": "CONFIRM", "url": "http://owncloud.org/changelog/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:14:16.137Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://owncloud.org/security/advisories/oc-sa-2012-002/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/owncloud/core/commit/99cd922"}, {"name": "[oss-security] 20121130 Re: CVE Request: owncloud", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://owncloud.org/changelog/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5607", "datePublished": "2012-12-18T01:00:00Z", "dateReserved": "2012-10-24T00:00:00Z", "dateUpdated": "2024-09-16T18:03:39.884Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AB005B3-22C4-4365-B287-FBF77657DE66", "versionEndIncluding": "4.0.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud_server:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "77DE37D0-74E5-4D66-8A2D-DA177936A4F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud_server:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB0E5BB3-900E-4D95-B302-4120567B6155", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud_server:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E1BB82C7-11E5-44E4-9029-76AE1F4AE937", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud_server:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40348D52-10C6-4436-84DC-4B63271AF180", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud_server:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D77D4260-0D48-47EE-A09B-FC200CB36A38", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud_server:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78FEEBC0-9483-4EBE-B6E4-5390144A36F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud_server:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DED1F21-0941-4E3C-BA04-15D1C3B685C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud_server:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A7951FE-9C41-4CCF-933F-56204147148B", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud_server:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F36384F-ECB2-48F5-AB32-85AB643CD816", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud_server:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7DA03000-6D01-4CDA-8C83-C2AFC649B869", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud_server:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "8206EE35-2939-44B4-BBCF-C384C6206122", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud_server:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E7E07400-C700-454C-B5EF-4992F2089BE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud_server:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "56D46962-C2C4-4468-9DB0-15AFF4FE8032", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The \"Lost Password\" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a \"Remote Timing Attack.\""}, {"lang": "es", "value": "La funcionalidad de reinicio \"Contrase\u00f1a olvidada\" en ownCloud v4.0.9 y antes de v4.5.0 no comprueba correctamente el token de seguridad, lo que permite a atacantes remotos para cambiar la contrase\u00f1a de las cuentas a trav\u00e9s de vectores no especificados relacionados con un \"Remote Timing Attack\"."}], "id": "CVE-2012-5607", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-18T01:55:07.287", "references": [{"source": "secalert@redhat.com", "url": "http://owncloud.org/changelog/"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://owncloud.org/security/advisories/oc-sa-2012-002/"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/owncloud/core/commit/99cd922"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://owncloud.org/changelog/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://owncloud.org/security/advisories/oc-sa-2012-002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/owncloud/core/commit/99cd922"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}