CVE-2014-9043Improper Authentication in Owncloud

CWE-287Improper Authentication3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.4%
top 40.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedFeb 4
Latest updateMay 17

Description

The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDowncloud/owncloud5.0.17
NVDowncloud/owncloud_server26 versions+25

🔴Vulnerability Details

2
GHSA
GHSA-rj3c-33c5-42hm: The user_ldap (aka LDAP user and group backend) application in ownCloud before 52022-05-17
CVEList
CVE-2014-9043: The user_ldap (aka LDAP user and group backend) application in ownCloud before 52015-02-04
CVE-2014-9043 — Improper Authentication in Owncloud | cvebase