ownCloud Desktop Client Vulnerability Allows Man-in-the-Middle Attacks
CVE-2015-4456

Currently unrated

Key Information:

Vendor

Owncloud

Status
Owncloud Desktop Client
Vendor
CVE Published:
26 October 2015

What is CVE-2015-4456?

The ownCloud Desktop Client prior to version 1.8.2 fails to properly invoke the QNetworkReply::ignoreSslErrors function with the necessary list of SSL error types. This oversight allows man-in-the-middle attackers to exploit self-signed certificates, enabling them to intercept and potentially access sensitive information without alerting the user to the certificate’s lack of validity. This vulnerability raises significant security concerns, as it undermines user trust in SSL connections.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.debian.org/security/2015/dsa-3363
vendor-advisoryx_refsource_DEBIAN
https://github.com/owncloud/client/issues/3283
x_refsource_CONFIRM
https://owncloud.org/security/advisory/?id=oc-sa-2015-009
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.