Password autocompletion (oC-SA-2013-023)


AFFECTED SOFTWARE

  • ownCloud Server < 5.0.6

RISK

  • Low

CVE

  • CVE-2013-2047

COMMITS

DESCRIPTION

The login page (index.php) contains a form that does not disable autocomplete for the password field, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete.

RESOLUTION

Update to ownCloud Server 5.0.6
http://download.owncloud.org/community/owncloud-5.0.6.tar.bz2
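
To check a saved copy of a login page for the condition described above, the following added example (not part of the original advisory and not ownCloud code) reports every password input whose effective autocomplete setting is not "off", taking a form-level setting into account. The sample markup and the names PasswordAutocompleteAudit and audit are constructed for illustration.

```python
from html.parser import HTMLParser


class PasswordAutocompleteAudit(HTMLParser):
    """Collect password inputs whose effective autocomplete is not "off"."""

    def __init__(self):
        super().__init__()
        self.form_autocomplete = ""  # setting of the enclosing <form>, if any
        self.findings = []           # (line number, field name) per exposed input

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        own = (a.get("autocomplete") or "").strip().lower()
        if tag == "form":
            self.form_autocomplete = own
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            # A value on the field wins; a missing or empty one inherits the form's.
            effective = own or self.form_autocomplete
            if effective != "off":
                self.findings.append((self.getpos()[0], a.get("name") or ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_autocomplete = ""


def audit(html):
    """Return [(line, name), ...] for password fields left open to autocomplete."""
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup, not ownCloud's actual login template.
BEFORE = """<form method="post" action="index.php">
  <input type="text" name="user">
  <input type="password" name="password">
</form>"""
AFTER_FIELD = BEFORE.replace('name="password"', 'name="password" autocomplete="off"')
AFTER_FORM = BEFORE.replace("<form ", '<form autocomplete="off" ')

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("field off", AFTER_FIELD),
                        ("form off", AFTER_FORM)):
        print(label, audit(page))
```

Current browsers and password managers may ignore autocomplete="off" on login fields, so this check verifies the markup only, not what a given browser stores.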