1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
Candidate: CVE-2013-2047
PublicDate: 2014-03-14
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2047
http://owncloud.org/about/security/advisories/oC-SA-2013-023/
Description:
The login page (aka index.php) in ownCloud before 5.0.6 does not disable
the autocomplete setting for the password parameter, which makes it easier
for physically proximate attackers to guess the password.
Ubuntu-Description:
Notes:
jdstrand> per upstream, 5.0 only
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_owncloud:
upstream_owncloud: released (5.0.6)
lucid_owncloud: DNE
precise_owncloud: not-affected
quantal_owncloud: not-affected (4.0.8debian-1.1ubuntu0.1)
raring_owncloud: ignored (reached end-of-life)
saucy_owncloud: not-affected (5.0.10+dfsg-1ubuntu1)
trusty_owncloud: not-affected (6.0.1+dfsg-1ubuntu1)
devel_owncloud: not-affected (6.0.1+dfsg-1ubuntu1)
|