CVE-2017-5865

Name of the Vulnerable Software and Affected Versions ownCloud Server versions prior to 8.1.11 ownCloud Server versions 8.2.x prior to 8.2.9 ownCloud Server versions 9.0.x prior to 9.0.7 ownCloud Server versions 9.1.x prior to 9.1.3

Description The password reset functionality in ownCloud Server has an issue where it sends different error messages depending on whether the username is valid. This allows remote attackers to enumerate user names via a large number of password reset attempts.

Recommendations For ownCloud Server versions prior to 8.1.11, update to version 8.1.11 or later. For ownCloud Server versions 8.2.x prior to 8.2.9, update to version 8.2.9 or later. For ownCloud Server versions 9.0.x prior to 9.0.7, update to version 9.0.7 or later. For ownCloud Server versions 9.1.x prior to 9.1.3, update to version 9.1.3 or later.