
nextcloud/owncloud user enumeration vulnerability

Posted on January 12, 2017; updated May 20, 2019
Severity: MEDIUM

Discovered by:
Fabian Fingerle (@otih__)
https://fabian-fingerle.de

nextcloud/owncloud:
Nextcloud is functionally very similar to the widely used Dropbox, with
the primary functional difference being that Nextcloud is free and
open-source, and thereby allowing anyone to install and operate it
without charge on a private server. In contrast to proprietary services
like Dropbox, the open architecture allows adding additional
functionality to the server in form of so-called applications.
Nextcloud is an actively maintained fork of ownCloud. (wikipedia)

Desc:
Independent research uncovered a user enumeration vulnerability in
the password reset form: the response reveals whether an account does
or does not exist.
It may also be possible for an attacker to determine encrypted user
accounts, but this has not been tested yet.
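
To show the difference between a leaky and a uniform password-reset response, here is an added example (not ownCloud/Nextcloud code; the user table, messages and handler names are constructed): the leaky handler answers differently for known and unknown usernames, the hardened one returns the same status and body either way, and a small regression check tells the two apart.

```python
"""Constructed example: password-reset handlers that do and do not leak
whether a username exists. Not ownCloud/Nextcloud code."""
from dataclasses import dataclass
import secrets

# Constructed user table (username -> email); an assumption, not the product's schema
USERS = {"test": "test@example.org", "customer": "customer@example.org"}
OUTBOX = []  # records (recipient, token) instead of really sending mail


@dataclass(frozen=True)
class Response:
    status: int
    body: str


def reset_leaky(username: str) -> Response:
    """Vulnerable shape: status and body depend on whether the account exists,
    so the form can be used as an oracle for valid usernames."""
    email = USERS.get(username)
    if email is None:
        return Response(404, "Couldn't send reset email. Please make sure your username is correct.")
    OUTBOX.append((email, secrets.token_urlsafe(32)))
    return Response(200, "Password reset email sent to " + email)


def reset_uniform(username: str) -> Response:
    """Hardened shape: identical status and body for every input. Only the
    mailbox owner learns whether anything happened. Mail delivery should be
    queued asynchronously so response time does not become the next oracle."""
    email = USERS.get(username)
    if email is not None:
        OUTBOX.append((email, secrets.token_urlsafe(32)))
    return Response(200, "If an account with that name exists, a reset email has been sent.")


def responses_distinguishable(handler, existing: str, missing: str) -> bool:
    """Regression check for the defender's own endpoint: do a known and an
    unknown username produce observably different responses?"""
    a, b = handler(existing), handler(missing)
    return (a.status, a.body) != (b.status, b.body)
```

Running the check against a real deployment also needs the HTTP cookie and anti-CSRF token the form expects, which the exploit output above collects first.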

Patching:
Vulnerability reported 2016-03-26 and marked as an enhancement:
https://github.com/owncloud/core/issues/23595

Exploit:
$ pypy ex.py cloud.isp.com user.txt 
[+] owncloud / nextcloud user enumeration vulnerbility
[-]
[+] Collected all HTTP Cookie and Anti-CSRF-information
[-]
[+] user test is valid
[+] user customer is valid
[+] user n3rD is valid
[+] user admin is invalid
[+] user h4xx0r is valid
[+] user admin is valid
