Hey all, With todays release we fixed a major security vulnerability related to our installation routine. (oC-SA-2013-015, CVE-2013-1941)
In our installation process, a new database user is generated with a random password. However, our PostgreSQL setup routine was using the PHP function time() as random source, which allows an attacker to guess the database password very easily. We highly recommend any PostgreSQL user to change the database password (have a look at config/config.php). Sorry for any inconvenience this might cause. Thanks, Lukas -- ownCloud Your Cloud, Your Data, Your Way! GPG: 0xEB32B77BA406BE99
_______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
