nextcloud/owncloud user enumeration vulnerability

Severity: MEDIUM
Discovered by: Fabian Fingerle (@otih__)
http://ift.tt/2i7U4qw

nextcloud/owncloud:
Nextcloud is functionally very similar to the widely used Dropbox, with the primary functional difference being that Nextcloud is free and open-source, thereby allowing anyone to install and operate it without charge on a private server. In contrast to proprietary services like Dropbox, the open architecture allows adding functionality to the server in the form of so-called applications. Nextcloud is an actively maintained fork of ownCloud. (wikipedia)

Desc:
Independent research uncovered a user enumeration vulnerability in the password reset form: the response reveals whether or not an account exists. It may even be possible for an attacker to determine which user accounts are encrypted, but this has not been tested yet.

Patching:
Vulnerability reported 2016-03-26 and marked as enhancement: http://ift.tt/2iNcjOi

Exploit:
$ pypy ex.py cloud.isp.com user.txt
[+] owncloud / nextcloud user enumeration vulnerability
[-]
[+] Collected all HTTP Cookie and Anti-CSRF-information
[-]
[+] user test is valid
[+] user customer is valid
[+] user n3rD is valid
[+] user h4xx0r is valid
[+] user admin is valid

For updates follow: https://twitter.com/otih__

I'll send another email to the list once the trivial script is published.
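The class of bug described above, as an added example that is not the author's ex.py and not Nextcloud/ownCloud code: a reset handler whose response depends on whether the account exists, the differential check an attacker runs against it, and a hardened handler that answers identically for every input. The account list, the response bodies and the endpoint path are constructed for the demo; the real target is an HTTP endpoint (assumed here to be a POST to /lostpassword/email with a `user` field, after collecting the session cookie and anti-CSRF token the advisory mentions), so the same comparison would be done on status code plus body of the live responses.

```python
"""Password-reset user enumeration: leaky handler, attacker check, hardened handler.

Illustrative code written for this post. ACCOUNTS, the response bodies and
RESET_PATH are constructed assumptions, not values taken from Nextcloud/ownCloud.
"""
import secrets

# Constructed sample user database for the demo (not real accounts).
ACCOUNTS = {"admin", "test", "customer"}

# Assumed path of the reset form; documentation only, nothing is sent over the network.
RESET_PATH = "/lostpassword/email"

# Outbox used by the hardened handler so that mail delivery is off the request path.
MAIL_QUEUE = []


def _send_reset_mail(username: str) -> str:
    """Stand-in for sending the reset e-mail; nothing leaves the process."""
    return secrets.token_urlsafe(16)


def leaky_reset(username: str) -> dict:
    """Vulnerable behaviour: body (and in a real server, status code) differs
    depending on whether the account exists, so the caller learns existence."""
    if username in ACCOUNTS:
        _send_reset_mail(username)
        return {"status": "success"}
    return {"status": "error", "msg": "unknown user"}


def hardened_reset(username: str) -> dict:
    """Fixed behaviour: the same response for every input.

    Mail delivery is queued rather than done inline so that response time is
    independent of account existence; sending synchronously only for valid
    users would reopen the leak as a timing side channel."""
    if username in ACCOUNTS:
        MAIL_QUEUE.append((username, _send_reset_mail(username)))
    return {"status": "success"}


def enumerate_users(reset, candidates):
    """Differential check: compare each candidate's response to the response for a
    name that almost certainly does not exist. Any difference marks a valid user."""
    baseline = reset("nobody-" + secrets.token_hex(8))
    return sorted(u for u in candidates if reset(u) != baseline)


if __name__ == "__main__":
    # Constructed wordlist in the spirit of user.txt from the advisory.
    wordlist = ["test", "customer", "n3rD", "h4xx0r", "admin"]
    for label, handler in (("leaky", leaky_reset), ("hardened", hardened_reset)):
        print(f"[+] probing {label} handler at {RESET_PATH}")
        found = enumerate_users(handler, wordlist)
        for user in found:
            print(f"[+] user {user} is valid")
        if not found:
            print("[-] no distinguishable responses; enumeration failed")
```

Run it with `python3 enum_demo.py`: the leaky handler gives up `admin`, `customer` and `test`, the hardened one gives up nothing. When checking a real instance, diff the full response (status code, headers such as Content-Length, and body) between a known-bogus username and each candidate rather than looking for one specific error string; any stable difference is enough for an attacker.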
Source: Gmail -> IFTTT-> Blogger