CVE Vulnerabilities

CVE-2014-9043

Improper Authentication

Published: Feb 04, 2015 | Modified: Mar 31, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Owncloud Owncloud * 5.0.17 (including)
Owncloud_server Owncloud 5.0.0 (including) 5.0.0 (including)
Owncloud_server Owncloud 5.0.1 (including) 5.0.1 (including)
Owncloud_server Owncloud 5.0.2 (including) 5.0.2 (including)
Owncloud_server Owncloud 5.0.3 (including) 5.0.3 (including)
Owncloud_server Owncloud 5.0.4 (including) 5.0.4 (including)
Owncloud_server Owncloud 5.0.5 (including) 5.0.5 (including)
Owncloud_server Owncloud 5.0.6 (including) 5.0.6 (including)
Owncloud_server Owncloud 5.0.7 (including) 5.0.7 (including)
Owncloud_server Owncloud 5.0.8 (including) 5.0.8 (including)
Owncloud_server Owncloud 5.0.9 (including) 5.0.9 (including)
Owncloud_server Owncloud 5.0.10 (including) 5.0.10 (including)
Owncloud_server Owncloud 5.0.11 (including) 5.0.11 (including)
Owncloud_server Owncloud 5.0.12 (including) 5.0.12 (including)
Owncloud_server Owncloud 5.0.13 (including) 5.0.13 (including)
Owncloud_server Owncloud 5.0.14 (including) 5.0.14 (including)
Owncloud_server Owncloud 5.0.14-a (including) 5.0.14-a (including)
Owncloud_server Owncloud 5.0.15 (including) 5.0.15 (including)
Owncloud_server Owncloud 5.0.16 (including) 5.0.16 (including)
Owncloud_server Owncloud 6.0.0 (including) 6.0.0 (including)
Owncloud_server Owncloud 6.0.1 (including) 6.0.1 (including)
Owncloud_server Owncloud 6.0.2 (including) 6.0.2 (including)
Owncloud_server Owncloud 6.0.3 (including) 6.0.3 (including)
Owncloud_server Owncloud 6.0.4 (including) 6.0.4 (including)
Owncloud_server Owncloud 6.0.5 (including) 6.0.5 (including)
Owncloud_server Owncloud 7.0.0 (including) 7.0.0 (including)
Owncloud_server Owncloud 7.0.1 (including) 7.0.1 (including)
Owncloud_server Owncloud 7.0.2 (including) 7.0.2 (including)

Potential Mitigations

References