CVE-2013-1941

Name of the Vulnerable Software and Affected Versions ownCloud Server versions prior to 4.0.14 ownCloud Server versions 4.5.x prior to 4.5.9 ownCloud Server versions 5.0.x prior to 5.0.4

Description The issue concerns the installation routine of ownCloud Server, where the time function is used to seed the generation of the PostgreSQL database user password. This approach makes it easier for remote attackers to guess the password via a brute force attack.

Recommendations For ownCloud Server versions prior to 4.0.14, update to version 4.0.14 or later. For ownCloud Server versions 4.5.x prior to 4.5.9, update to version 4.5.9 or later. For ownCloud Server versions 5.0.x prior to 5.0.4, update to version 5.0.4 or later.