CVE-2013-1941

ownCloud Server < 4.0.14, 4.5.x < 4.5.9, 5.0.x < 5.0.4 - Weak PostgreSQL Password Generation via Time-Based Seed

Title source: llm

Description

The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://owncloud.org/about/security/advisories/oC-SA-2013-015/

Scores

EPSS 0.0034

EPSS Percentile 57.2%

Details

CWE

CWE-310

Status published

Products (27)

owncloud/owncloud < 4.0.13

owncloud/owncloud_server 4.0.0

owncloud/owncloud_server 4.0.1

owncloud/owncloud_server 4.0.2

owncloud/owncloud_server 4.0.3

owncloud/owncloud_server 4.0.4

owncloud/owncloud_server 4.0.5

owncloud/owncloud_server 4.0.6

owncloud/owncloud_server 4.0.7

owncloud/owncloud_server 4.0.8

... and 17 more

Published Jun 04, 2014

Tracked Since Feb 18, 2026