Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
owncloudOwnCloudOC-SA-2014-002
HistoryJul 03, 2014 - 2:00 a.m.

Server: Insecure OpenID implementation

2014-07-0302:00:00
owncloud.org
3

0.004 Low

EPSS

Percentile

75.0%

JSON

Due to an insecure OpenID implementation used by user_openid in ownCloud 5 it is possible to log-into a system using an arbitrary OpenID Account (without knowing any secret information, i.e. the password, about it) by using a malicious OpenID provider.

For more information please consult the official advisory.

This advisory is licensed CC BY-SA 4.0

CPENameOperatorVersion
owncloud serverlt5.0.15

Related

openvas 2
cvelist 1
ubuntucve 1
nvd 1
owncloud 1
prion 1
cve 1
openvas
openvas
ownCloud 'OpenID' Access Control Bypass Vulnerability - Linux
2018-04-02 00:00:00
ownCloud 'OpenID' Access Control Bypass Vulnerability - Windows
2018-04-02 00:00:00
cvelist
cvelist
CVE-2014-2048
2018-03-26 18:00:00
ubuntucve
ubuntucve
CVE-2014-2048
2018-03-26 00:00:00
nvd
nvd
CVE-2014-2048
2018-03-26 18:29:00
owncloud
owncloud
Insecure OpenID implementation - ownCloud
2014-07-03 18:18:17
prion
prion
Information disclosure
2018-03-26 18:29:00
cve
cve
CVE-2014-2048
2018-03-26 18:29:00

0.004 Low

EPSS

Percentile

75.0%

JSON
Related for OC-SA-2014-002
openvas2cvelist1ubuntucve1nvd1owncloud1prion1cve1