ownCloud Desktop Client Vulnerability Allows Man-in-the-Middle Attacks
CVE-2015-4456

Currently unrated

Key Information:

Vendor: ownCloud

CVE Published: 26 October 2015

What is CVE-2015-4456?

The ownCloud Desktop Client prior to version 1.8.2 does not invoke the QNetworkReply::ignoreSslErrors function with the necessary list of SSL error types. This oversight allows man-in-the-middle attackers to exploit self-signed certificates, enabling them to intercept and potentially access sensitive information without the user being alerted that the certificate is not valid. The flaw raises significant security concerns because it undermines the trust users place in SSL connections.
