CVE-2013-1941

The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack.

Affected Software

Name	Vendor	Start Version	End Version
Owncloud	Owncloud	*	4.0.13 (including)
Owncloud_server	Owncloud	4.0.0 (including)	4.0.0 (including)
Owncloud_server	Owncloud	4.0.1 (including)	4.0.1 (including)
Owncloud_server	Owncloud	4.0.2 (including)	4.0.2 (including)
Owncloud_server	Owncloud	4.0.3 (including)	4.0.3 (including)
Owncloud_server	Owncloud	4.0.4 (including)	4.0.4 (including)
Owncloud_server	Owncloud	4.0.5 (including)	4.0.5 (including)
Owncloud_server	Owncloud	4.0.6 (including)	4.0.6 (including)
Owncloud_server	Owncloud	4.0.7 (including)	4.0.7 (including)
Owncloud_server	Owncloud	4.0.8 (including)	4.0.8 (including)
Owncloud_server	Owncloud	4.0.9 (including)	4.0.9 (including)
Owncloud_server	Owncloud	4.0.10 (including)	4.0.10 (including)
Owncloud_server	Owncloud	4.0.11 (including)	4.0.11 (including)
Owncloud_server	Owncloud	4.0.12 (including)	4.0.12 (including)
Owncloud	Ubuntu	oneiric	*
Owncloud	Ubuntu	quantal	*
Owncloud	Ubuntu	raring	*
Owncloud	Ubuntu	saucy	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-1941
CWE	https://cwe.mitre.org/data/definitions/310.html

Affected Software

References