The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password.
References
| Link | Resource |
|---|---|
| http://owncloud.org/about/security/advisories/oC-SA-2013-023/ | Patch Vendor Advisory |
| http://owncloud.org/about/security/advisories/oC-SA-2013-023/ | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
31 Mar 2025, 11:54
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:* |
cpe:2.3:a:owncloud:owncloud_server:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:5.0.4:*:*:*:*:*:*:* |
| First Time |
Owncloud owncloud Server
|
21 Nov 2024, 01:50
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://owncloud.org/about/security/advisories/oC-SA-2013-023/ - Patch, Vendor Advisory |
Information
Published : 2014-03-14 16:55
Updated : 2025-03-31 11:54
NVD link : CVE-2013-2047
Mitre link : CVE-2013-2047
CVE.ORG link : CVE-2013-2047
JSON object : View
Products Affected
owncloud
- owncloud
- owncloud_server
CWE
CWE-264
Permissions, Privileges, and Access Controls