CVE-2014-9043

ownCloud <5.0.18, <6.0.6, <7.0.3 - Auth Bypass

Title source: llm

Description

The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.

References (1)

Scores

EPSS 0.0038
EPSS Percentile 59.2%

Classification

CWE
CWE-287
Status draft

Affected Products (28)

owncloud/owncloud < 5.0.17
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
... and 13 more

Timeline

Published Feb 04, 2015
Tracked Since Feb 18, 2026