Lucene search
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.OWNCLOUD:B2F45420CC9623AA5B45FF530E98881AHistoryJul 03, 2014 - 6:18 p.m.
Insecure OpenID implementation - ownCloud
2014-07-0318:18:17
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.
owncloud.org
61
0.004 Low
EPSS
Percentile
75.0%
Due to an insecure OpenID implementation used by user_openid in ownCloud 5 it is possible to log-into a system using an arbitrary OpenID Account (without knowing any secret information, i.e. the password, about it) by using a malicious OpenID provider.
Affected Software
- ownCloud Server < 5.0.15 (CVE-2014-2048)
Action Taken
As the application is not longer maintained anymore, user_openid has been removed from the release.
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke - ownCloud Inc. ([email protected]) - Vulnerability discovery and disclosure.
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 5.0.15 |
Related
openvas
openvas
ownCloud 'OpenID' Access Control Bypass Vulnerability - Linux
2018-04-02 00:00:00
ownCloud 'OpenID' Access Control Bypass Vulnerability - Windows
2018-04-02 00:00:00
cvelist
cvelist
CVE-2014-2048
2018-03-26 18:00:00
owncloud
owncloud
Server: Insecure OpenID implementation
2014-07-03 02:00:00
ubuntucve
ubuntucve
CVE-2014-2048
2018-03-26 00:00:00
nvd
nvd
CVE-2014-2048
2018-03-26 18:29:00
prion
prion
Information disclosure
2018-03-26 18:29:00
cve
cve
CVE-2014-2048
2018-03-26 18:29:00