
Nextcloud / Owncloud User Enumeration
Posted Jan 13, 2017
Authored by Fabian Fingerle

The password reset form in Nextcloud and Owncloud suffers from a user enumeration vulnerability.

tags | advisory
SHA-256 | da096e428809ed496cecdae0c5425aec544c24d1e1001bda302b6555825ea2ca

nextcloud/owncloud user enumeration vulnerability

Severity: MEDIUM

Discovered by:
Fabian Fingerle (@otih__)
https://fabian-fingerle.de

nextcloud/owncloud:
Nextcloud is functionally very similar to the widely used Dropbox, with
the primary functional difference being that Nextcloud is free and
open-source, thereby allowing anyone to install and operate it
without charge on a private server. In contrast to proprietary services
like Dropbox, the open architecture allows additional functionality to
be added to the server in the form of so-called applications.
Nextcloud is an actively maintained fork of ownCloud. (wikipedia)

Desc:
Independent research uncovered a user enumeration vulnerability in
the password reset form: the response reveals whether or not an
account exists.
It may even be possible for an attacker to determine encrypted user
accounts, but this has not been tested yet.
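
As an added illustration (not code from the advisory or from Nextcloud/ownCloud), the following Python sketch shows the response pattern the advisory describes beside the uniform-response fix. The user store, message texts and function names are constructed for the example; the real applications' handlers are not shown on this page.

```python
# Added example: a password-reset handler that leaks account existence,
# beside a handler that returns the same response whether or not the
# account exists. User store and messages are constructed for illustration
# and are not taken from Nextcloud/ownCloud.
from dataclasses import dataclass

# Constructed user store: username -> e-mail address
USERS = {"admin": "admin@example.invalid", "test": "test@example.invalid"}


@dataclass(frozen=True)
class ResetResponse:
    status: str   # "success" or "error"
    message: str  # text shown to the requester


def queue_reset_mail(email: str) -> None:
    """Stand-in for handing the reset mail to a background job; no I/O here."""
    return None


def vulnerable_reset(username: str) -> ResetResponse:
    """Leaks whether the account exists: the error path differs from the
    success path, so an unauthenticated caller can enumerate usernames."""
    email = USERS.get(username)
    if email is None:
        return ResetResponse("error", "Username not found.")
    queue_reset_mail(email)
    return ResetResponse("success", "Reset link sent to your e-mail.")


GENERIC = ResetResponse(
    "success", "If an account with that name exists, a reset link has been sent."
)


def hardened_reset(username: str) -> ResetResponse:
    """Same response for known and unknown usernames; the only side effect
    (queuing the mail) is not visible to the requester."""
    email = USERS.get(username)
    if email is not None:
        queue_reset_mail(email)
    return GENERIC


def leaks_existence(handler, known: str, unknown: str) -> bool:
    """True if the handler answers differently for an existing and a
    non-existing username, i.e. it acts as the oracle the advisory describes."""
    return handler(known) != handler(unknown)
```

The response body is only one channel: if sending the mail synchronously takes measurable time, the delay itself becomes an oracle, which is why the send is deferred to a background job in the hardened version.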

Patching:
Vulnerability reported 2016-03-26 and marked as an enhancement:
https://github.com/owncloud/core/issues/23595

Exploit:
$ pypy ex.py cloud.isp.com user.txt
[+] owncloud / nextcloud user enumeration vulnerbility
[-]
[+] Collected all HTTP Cookie and Anti-CSRF-information
[-]
[+] user test is valid
[+] user customer is valid
[+] user n3rD is valid
[+] user h4xx0r is valid
[+] user admin is valid

For updates follow:

https://twitter.com/otih__

I'll send another email to the list once the trivial script is
published.

--
Regards,
Fabian Fingerle - aka otih
https://fabian-fingerle.de
t: @otih__
