Severity: MEDIUM

Discovered by:
Fabian Fingerle (@otih__)

Nextcloud is functionally very similar to the widely used Dropbox, with
the primary functional difference being that Nextcloud is free and
open-source, and thereby allowing anyone to install and operate it
without charge on a private server. In contrast to proprietary services
like Dropbox, the open architecture allows adding additional
functionality to the server in form of so-called applications.
Nextcloud is an actively maintained fork of ownCloud. (wikipedia)

An independent research uncovered a user enumeration vulnerability in
the password reset form. Response is revealing that account does
or does not exist. 
Even possible that an attacker is able to determine encrypted user
accounts, but has not been tested yet.

vulnerbility reported 2016-03-26 and marked as enhancement

$ pypy user.txt 
[+] owncloud / nextcloud user enumeration vulnerbility
[+] Collected all HTTP Cookie and Anti-CSRF-information
[+] user test is valid
[+] user customer is valid
[+] user n3rD is valid
[+] user admin is invalid
[+] user h4xx0r is valid
[+] user admin is valid

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *