WRITEUP

Exploit for CVE-2016-9463 - Nextcloud Server < 9.0.54 - Authentication Bypass
AI Analysis

This patch addresses an authentication bypass vulnerability in Nextcloud's SMB external user authentication. The fix ensures that SMB responses are double-verified to prevent unexpected actions when anonymous authentication is allowed.

Attack Type: auth_bypass
Complexity: moderate
Reliability: reliable
MITRE ATT&CK: T1110 - Brute Force; T1078 - Valid Accounts
Authors: Lukas Reschke
Vulnerability: CVE-2016-9463 (Nextcloud Server < 9.0.54 - Authentication Bypass)
Severity: HIGH (CVSS 8.1)