SMB User Authentication Bypass in Nextcloud Server and ownCloud Server
CVE-2016-9463
Key Information:
- Vendor
Owncloud
- Vendor
- CVE Published:
- 28 March 2017
Badges
What is CVE-2016-9463?
Nextcloud Server and ownCloud Server exhibit a vulnerability that enables unauthorized access to user accounts through SMB User Authentication Bypass. The issue stems from an optional SMB authentication component that, if configured, allows users to authenticate against an SMB server. Due to improper handling of anonymous authentication configurations that are common in many SMB servers, this vulnerability could allow an unauthenticated attacker to access user accounts without valid credentials. It's important to note that this SMB backend is disabled by default and requires manual configuration in the system's settings.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
5% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved