Auth bypass in “user_webdavauth”
Platform: ownCloud Server
Versions: 4.5.13, 5.0.8,
Risk level: Medium
A not further specified authentication bypass in the user_webdavauth application has been found. Using this vulnerability an attacker might login to the ownCloud instance without valid credentials.
- ownCloud Server < 5.0.8 ()
- ownCloud Server < 4.5.13 ()
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke – ownCloud Inc. (firstname.lastname@example.org) – Vulnerability discovery and disclosure.