Owncloud versions 3.0.3 and below suffer from a clear text LDAP password disclosure vulnerability in owncloud.db.
Owncloud App "Ldap user backend" stored password in clear text
Author: francesco.tornieri "At" verona-wireless.net
Summary: stores the domain admin password in clear text
Discovery date: 09/05/2012
Developer contact date: 09/05/2012
Where: From local
Release Date: 11/05/2012
Criticality level: High
Impact: Discovery of the domain admin password
Software: Owncloud 3.0.3 and below (tested sqlite backend)
Description:
The domain administrator credentials are stored in clear text within the owncloud.db file:
-------
DOMAIN_ADMIN_PASSWORD="MYPASWWORD"
strings /yourpath/owncloud/data/owncloud.db |grep -i ldap_pass
'#user_ldapldap_passwordMYPASWWORD0%
-------
Francesco Tornieri
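
An audit for the condition described above, as an added example (not part of the original advisory and not ownCloud code): it opens a SQLite file read-only, reports where a non-empty value sits next to a key matching ldap_pass, and checks whether the file is world-readable, without printing the password. The table and column names in the sample database are constructed, and treating the column after the key as the value is an assumption.

```python
import os
import sqlite3
import stat
import tempfile
from pathlib import Path

NEEDLE = "ldap_pass"  # same substring the advisory greps for


def audit_db(path):
    """Return (findings, world_readable) for a SQLite file.

    A finding is (table, key, value_column, value_length): a row whose key
    cell mentions NEEDLE and whose next column holds a non-empty string.
    The stored value itself is never returned or printed.
    """
    world_readable = bool(os.stat(path).st_mode & stat.S_IROTH)
    findings = []
    con = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        names = con.execute("SELECT name FROM sqlite_master WHERE type='table'")
        for (table,) in names.fetchall():
            cur = con.execute('SELECT * FROM "%s"' % table.replace('"', '""'))
            cols = [d[0] for d in cur.description]
            for row in cur:
                for i, cell in enumerate(row[:-1]):
                    nxt = row[i + 1]
                    if (isinstance(cell, str) and NEEDLE in cell.lower()
                            and isinstance(nxt, str) and nxt):
                        findings.append((table, cell, cols[i + 1], len(nxt)))
    finally:
        con.close()
    return findings, world_readable


def build_sample(path):
    """Constructed stand-in for owncloud.db; table and column names are assumed."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE appconfig_sample (appid TEXT, configkey TEXT, configvalue TEXT)")
    con.executemany("INSERT INTO appconfig_sample VALUES (?, ?, ?)", [
        ("user_ldap", "ldap_host", "ldap.example.test"),
        ("user_ldap", "ldap_password", "MYPASWWORD"),
    ])
    con.commit()
    con.close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "owncloud.db")
        build_sample(sample)
        print(audit_db(sample))
```

A finding together with world_readable set to True means any local account can recover the bind password, which matches the advisory's "From local" scope.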