CVE-2012-5607 - OpenCVE

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Owncloud	Owncloud

Configuration 1 [-]

OR	cpe:2.3:a:owncloud:owncloud::::::::
	cpe:2.3:a:owncloud:owncloud:3.0.0:::::::*
	cpe:2.3:a:owncloud:owncloud:3.0.1:::::::*
	cpe:2.3:a:owncloud:owncloud:3.0.2:::::::*
	cpe:2.3:a:owncloud:owncloud:3.0.3:::::::*
	cpe:2.3:a:owncloud:owncloud:4.0.0:::::::*
	cpe:2.3:a:owncloud:owncloud:4.0.1:::::::*
	cpe:2.3:a:owncloud:owncloud:4.0.2:::::::*
	cpe:2.3:a:owncloud:owncloud:4.0.3:::::::*
	cpe:2.3:a:owncloud:owncloud:4.0.4:::::::*
	cpe:2.3:a:owncloud:owncloud:4.0.5:::::::*
	cpe:2.3:a:owncloud:owncloud:4.0.6:::::::*
	cpe:2.3:a:owncloud:owncloud:4.0.7:::::::*
	cpe:2.3:a:owncloud:owncloud:4.5.0:::::::*

No data.

References

Link	Providers
http://owncloud.org/changelog/
http://owncloud.org/security/advisories/oc-sa-2012-002/
http://www.openwall.com/lists/oss-security/2012/11/30/3
https://github.com/owncloud/core/commit/99cd922

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-12-18T01:00:00Z

Updated: 2024-09-16T18:03:39.884Z

Reserved: 2012-10-24T00:00:00Z

Link: CVE-2012-5607

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2012-12-18T01:55:07.287

Modified: 2012-12-18T05:00:00.000

Link: CVE-2012-5607

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The \"Lost Password\" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a \"Remote Timing Attack.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-12-18T01:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://owncloud.org/security/advisories/oc-sa-2012-002/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/owncloud/core/commit/99cd922"}, {"name": "[oss-security] 20121130 Re: CVE Request: owncloud", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://owncloud.org/changelog/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5607", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The \"Lost Password\" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a \"Remote Timing Attack.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://owncloud.org/security/advisories/oc-sa-2012-002/", "refsource": "CONFIRM", "url": "http://owncloud.org/security/advisories/oc-sa-2012-002/"}, {"name": "https://github.com/owncloud/core/commit/99cd922", "refsource": "CONFIRM", "url": "https://github.com/owncloud/core/commit/99cd922"}, {"name": "[oss-security] 20121130 Re: CVE Request: owncloud", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"}, {"name": "http://owncloud.org/changelog/", "refsource": "CONFIRM", "url": "http://owncloud.org/changelog/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:14:16.137Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://owncloud.org/security/advisories/oc-sa-2012-002/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/owncloud/core/commit/99cd922"}, {"name": "[oss-security] 20121130 Re: CVE Request: owncloud", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://owncloud.org/changelog/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5607", "datePublished": "2012-12-18T01:00:00Z", "dateReserved": "2012-10-24T00:00:00Z", "dateUpdated": "2024-09-16T18:03:39.884Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AB005B3-22C4-4365-B287-FBF77657DE66", "versionEndIncluding": "4.0.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A1021FF-2A5A-49AA-A376-09C98FECC519", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F6C12F7-5897-4DBB-A9AB-8180101F37C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9CC055C-CFA3-4A23-AF91-83F7F087F282", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AA5445B4-9115-4D31-9DF9-E7E30CAF1FFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8FAE7D90-6190-44E2-B4EA-F47FF3263BE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7BAB402-B6A0-4314-A37A-C9465157BF5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A32BED8-F428-44D3-BEAC-E0BB0208B6B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F46F53A9-52B2-41D6-859B-9062B1F02B86", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "875B306F-92A2-4360-979E-2B53466A33F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6EB01EA3-3071-424F-9586-83CD208D5CAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4A704201-6D06-4D01-9A28-3D873ABE1AC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "C1D5E8BD-2264-482E-ABA9-F83D2A13EF88", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The \"Lost Password\" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a \"Remote Timing Attack.\""}, {"lang": "es", "value": "La funcionalidad de reinicio \"Contrase\u00f1a olvidada\" en ownCloud v4.0.9 y antes de v4.5.0 no comprueba correctamente el token de seguridad, lo que permite a atacantes remotos para cambiar la contrase\u00f1a de las cuentas a trav\u00e9s de vectores no especificados relacionados con un \"Remote Timing Attack\"."}], "id": "CVE-2012-5607", "lastModified": "2012-12-18T05:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-18T01:55:07.287", "references": [{"source": "secalert@redhat.com", "url": "http://owncloud.org/changelog/"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://owncloud.org/security/advisories/oc-sa-2012-002/"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/owncloud/core/commit/99cd922"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}