[Announcements] Security: Change your PostgreSQL database password

Lukas Reschke lukas at owncloud.org
Thu Apr 11 16:24:54 MEST 2013

Hey all,

With todays release we fixed a major security vulnerability related to our
installation routine. (oC-SA-2013-015, CVE-2013-1941)

In our installation process, a new database user is generated with a random
password. However, our PostgreSQL setup routine was using the PHP function
time() as random source, which allows an attacker to guess the database
password very easily.

We highly recommend any PostgreSQL user to change the database password
(have a look at config/config.php). Sorry for any inconvenience this might


Your Cloud, Your Data, Your Way!

GPG: 0xEB32B77BA406BE99
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.owncloud.org/pipermail/announcements/attachments/20130411/6c567756/attachment.html>

More information about the Announcements mailing list