The password reset functionality in ownCloud Server prior to 8.1.11, 8.2.x prior to 8.2.9, 9.0.x prior to 9.0.7, and 9.1.x prior to 9.1.3 sends different error messages depending on whether the username is valid, which allows remote malicious users to enumerate user names via a large number of password reset attempts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
owncloud owncloud 9.0.2 |
||
owncloud owncloud 9.0.3 |
||
owncloud owncloud 9.0.4 |
||
owncloud owncloud 9.0.5 |
||
owncloud owncloud 9.1.1 |
||
owncloud owncloud 9.0.0 |
||
owncloud owncloud 8.2.2 |
||
owncloud owncloud 8.2.4 |
||
owncloud owncloud 9.1.0 |
||
owncloud owncloud 8.2.5 |
||
owncloud owncloud 8.2.6 |
||
owncloud owncloud 8.2.7 |
||
owncloud owncloud 8.2.8 |
||
owncloud owncloud |
||
owncloud owncloud 9.1.2 |
||
owncloud owncloud 9.0.1 |
||
owncloud owncloud 9.0.6 |
||
owncloud owncloud 8.2.3 |