CVE-2014-9043

medium

Description

The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.

References

https://owncloud.org/security/advisory/?id=oc-sa-2014-020

Details

Source: MITRE

Published: 2015-02-04

Updated: 2015-02-05

Type: CWE-287

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM