Security Advisory

Back to advisories

Auth bypass in "user_webdavauth" (oC-SA-2013-030)

9th July 2013

Risk level: Medium

Description

A not further specified authentication bypass in the user_webdavauth application has been found. Using this vulnerability an attacker might login to the ownCloud instance without valid credentials.

Affected Software

  • ownCloud Server < 5.0.8 ()
  • ownCloud Server < 4.5.13 ()

Action Taken

Acknowledgements

The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:

  • Lukas Reschke - ownCloud Inc. (lukas@owncloud.org) - Vulnerability discovery and disclosure.