Basic authentication is enabled on file access requests
====================
Description
---------------------
Basic authentication is enabled on the server when the direct URL of a file is requested. The problems with Basic Authentication are described at [OWASP: Basic Authentication](https://www.owasp.org/index.php/Basic_Authentication). Although your threat model treats brute-forcing as an acceptable risk, it is worth noting that Basic authentication makes brute-force attacks much easier and faster.
Detailed Steps
---------------------
**Step 1:** Open a browser and request the direct URL of a file, e.g. http://nc.hostiso.cloud/remote.php/webdav/Photos/Squirrel.jpg
[HackerOne attachment F105383]
**Step 2:** Enter the username and password and capture the request in a proxy tool.
**Step 3:** Observe that an Authorization header carrying the Base64-encoded username and password is sent in the request to the server.
[HackerOne attachment F105384]
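Added example, not part of the report: a small Python audit a defender can run over proxy captures or request logs like the one in Step 3. It decodes the Basic header only far enough to learn the account name, flags credentials sent over plain http (the report's URL is http, not https), and flags a source that keeps receiving 401s for the same account, which is the brute-force concern raised above. The host, addresses and credentials are constructed.

```python
import base64
import binascii
import re
from collections import defaultdict

BASIC_RE = re.compile(r"^Authorization:\s*Basic\s+(\S+)\s*$", re.I | re.M)

def _req(auth_value):  # constructed request head modelled on the Step 3 capture
    return ("GET /remote.php/webdav/Photos/Squirrel.jpg HTTP/1.1\r\n"
            f"Host: nc.example.test\r\nAuthorization: {auth_value}\r\n\r\n")

# Constructed captures (made-up host/addresses): (scheme, client_ip, raw_request, status).
# The Base64 tokens encode dummy credentials such as "alice:password1".
CAPTURES = [
    ("http", "198.51.100.7", _req("Basic YWxpY2U6cGFzc3dvcmQx"), 401),
    ("http", "198.51.100.7", _req("Basic YWxpY2U6cGFzc3dvcmQy"), 401),
    ("http", "198.51.100.7", _req("Basic YWxpY2U6cGFzc3dvcmQz"), 401),
    ("http", "198.51.100.7", _req("Basic YWxpY2U6aHVudGVyMg=="), 200),
    ("https", "192.0.2.5", _req("Bearer constructed.opaque.token"), 200),
]

def parse_basic_credentials(raw_request):
    """Return (user, password) if the request carries HTTP Basic auth, else None."""
    m = BASIC_RE.search(raw_request)
    if not m:
        return None
    try:  # Basic is plain Base64: whoever sees the header recovers the password
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def audit_captures(captures, threshold=3):
    """Flag Basic auth use, credentials on plain http, and repeated 401s per source/user."""
    findings, failed = [], defaultdict(int)
    for scheme, client_ip, raw, status in captures:
        creds = parse_basic_credentials(raw)
        if creds is None:
            continue
        user = creds[0]  # the decoded password is deliberately not retained
        findings.append(("basic-auth", client_ip, user))
        if scheme != "https":
            findings.append(("cleartext-credentials", client_ip, user))
        if status == 401:
            failed[(client_ip, user)] += 1
    for (client_ip, user), n in failed.items():
        if n >= threshold:
            findings.append(("brute-force-pattern", client_ip, user))
    return findings
```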
Report metadata
---------------------
- Title: Nextcloud: The application uses basic authentication.
- Source: [HackerOne report 151847](https://hackerone.com/reports/151847)
- Reporter: roshanpty
- Published: 2016-07-17; modified: 2016-07-18
- Bounty state: informative (no bounty)