CVE-2013-2047

owncloud < 5.0.6 - Password Autocomplete Exposure in Login Page

Title source: llm
STIX 2.1

Description

The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://owncloud.org/about/security/advisories/oC-SA-2013-023/

Scores

EPSS 0.0006
EPSS Percentile 19.1%

Details

CWE
CWE-264
Status published
Products (6)
owncloud/owncloud < 5.0.5
owncloud/owncloud_server 5.0.0
owncloud/owncloud_server 5.0.1
owncloud/owncloud_server 5.0.2
owncloud/owncloud_server 5.0.3
owncloud/owncloud_server 5.0.4
Published Mar 14, 2014
Tracked Since Feb 18, 2026