Severity: MEDIUM

Discovered by:
Fabian Fingerle (@otih__)
https://fabian-fingerle.de

nextcloud/owncloud:
Nextcloud is functionally very similar to the widely used Dropbox, with
the primary functional difference being that Nextcloud is free and
open-source, thereby allowing anyone to install and operate it
without charge on a private server. In contrast to proprietary services
like Dropbox, the open architecture allows adding additional
functionality to the server in the form of so-called applications.
Nextcloud is an actively maintained fork of ownCloud. (wikipedia)

Desc:
Independent research uncovered a user enumeration vulnerability in
the password reset form: the response reveals whether or not the
submitted account exists.
It may even be possible for an attacker to determine encrypted user
accounts this way, but this has not been tested yet.
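As an added illustration of the issue described above (not the researcher's ex.py and not Nextcloud/ownCloud code): a reset handler that leaks account existence beside one that answers identically either way, plus a log heuristic that flags the burst of reset requests such enumeration produces. The account names, the /index.php/lostpassword/email path and the log lines are constructed assumptions.

```python
"""Password-reset user enumeration: leaky vs. constant response, and a log check.
Everything here (users, endpoint path, log lines, threshold) is constructed."""
from collections import Counter
import re

USERS = {"test", "customer", "n3rD"}  # constructed account table


def reset_vulnerable(username):
    """Leaks existence: status and message depend on the account lookup."""
    if username in USERS:
        return 200, "Password reset email sent."
    return 404, "Couldn't send reset email. Please make sure your username is correct."


def reset_hardened(username, outbox):
    """Same status and body for known and unknown users; the lookup only decides
    whether a mail is queued. Response timing must be made uniform too (e.g. by
    sending the mail asynchronously), which this toy version does not model."""
    if username in USERS:
        outbox.append(username)  # in a real deployment: queue the reset mail
    return 200, "If an account exists for that name, a reset email has been sent."


def leaks_existence(handler):
    """True if a known and an unknown user get distinguishable responses."""
    return handler("test") != handler("no-such-user-xyz")


# Constructed Apache-style access log: one client hammering the reset endpoint.
LOG = """\
203.0.113.5 - - [26/Mar/2016:10:00:01 +0000] "POST /index.php/lostpassword/email HTTP/1.1" 200 512
203.0.113.5 - - [26/Mar/2016:10:00:02 +0000] "POST /index.php/lostpassword/email HTTP/1.1" 404 498
203.0.113.5 - - [26/Mar/2016:10:00:02 +0000] "POST /index.php/lostpassword/email HTTP/1.1" 200 512
203.0.113.5 - - [26/Mar/2016:10:00:03 +0000] "POST /index.php/lostpassword/email HTTP/1.1" 404 498
203.0.113.5 - - [26/Mar/2016:10:00:03 +0000] "POST /index.php/lostpassword/email HTTP/1.1" 200 512
198.51.100.7 - - [26/Mar/2016:10:05:00 +0000] "POST /index.php/lostpassword/email HTTP/1.1" 200 512
"""
LINE_RE = re.compile(r'^(\S+) .* "POST (\S*lostpassword\S*) HTTP/[\d.]+" (\d{3})')


def flag_enumeration(log, threshold=5):
    """Clients with >= threshold reset POSTs that received more than one distinct
    status code: the signature of probing valid and invalid names in turn."""
    hits, statuses = Counter(), {}
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _path, status = m.groups()
        hits[ip] += 1
        statuses.setdefault(ip, set()).add(status)
    return sorted(ip for ip, n in hits.items() if n >= threshold and len(statuses[ip]) > 1)
```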

Patching:
vulnerability reported 2016-03-26 and marked as enhancement
https://github.com/owncloud/core/issues/23595

Exploit:
$ pypy ex.py cloud.isp.com user.txt 
[+] owncloud / nextcloud user enumeration vulnerbility
[-]
[+] Collected all HTTP Cookie and Anti-CSRF-information
[-]
[+] user test is valid
[+] user customer is valid
[+] user n3rD is valid
[+] user admin is invalid
[+] user h4xx0r is valid
[+] user admin is valid
