CVE-2013-2047 - OpenCVE

The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Owncloud	Owncloud

Configuration 1 [-]

OR	cpe:2.3:a:owncloud:owncloud::::::::
	cpe:2.3:a:owncloud:owncloud:5.0.0:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.1:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.2:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.3:::::::*
	cpe:2.3:a:owncloud:owncloud:5.0.4:::::::*

No data.

References

Link	Providers
http://owncloud.org/about/security/advisories/oC-SA-2013-023/

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-03-14T16:00:00

Updated: 2024-08-06T15:20:37.449Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-2047

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-03-14T16:55:05.443

Modified: 2014-03-17T15:37:36.897

Link: CVE-2013-2047

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-19T00:00:00", "descriptions": [{"lang": "en", "value": "The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-14T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-023/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2047", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-023/", "refsource": "CONFIRM", "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-023/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:37.449Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-023/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2047", "datePublished": "2014-03-14T16:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.449Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "91C054D8-4161-4B1A-A7C2-BC9CF9C40FDC", "versionEndIncluding": "5.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF826F2B-83E1-4E64-A56C-B564028EBD6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "22A19441-2041-45DC-9F59-783C9B1FF9D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "43448288-B129-4210-9680-55836869F09F", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "78639CDB-3763-4E71-B4F9-E51E5A261A16", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8DBE1CE3-7A8D-4C97-8066-F59C346A0494", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password."}, {"lang": "es", "value": "La p\u00e1gina de inicio de sesi\u00f3n (tambi\u00e9n conocido como index.php) en ownCloud anterior a 5.0.6 no deshabilita la configuraci\u00f3n de autocompletar para el par\u00e1metro password, lo que facilita a atacantes f\u00edsicamente pr\u00f3ximos adivinar la contrase\u00f1a."}], "id": "CVE-2013-2047", "lastModified": "2014-03-17T15:37:36.897", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-14T16:55:05.443", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-023/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}