CVE-2013-1941Improper Control of Interaction Frequency in Owncloud

CWE-3103 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 52.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedJun 4
Latest updateMay 17

Description

The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDowncloud/owncloud_server26 versions+25
NVDowncloud/owncloud4.0.13

🔴Vulnerability Details

2
GHSA
GHSA-rm83-wmw9-vv92: The installation routine in ownCloud Server before 42022-05-17
CVEList
CVE-2013-1941: The installation routine in ownCloud Server before 42014-06-04
CVE-2013-1941 — Owncloud vulnerability | cvebase