Description

The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.

Remediation

References

CVE-2014-9043

Related Vulnerabilities

Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.10)

MediaWiki Improper Access Control Vulnerability (CVE-2016-6337)

WordPress Plugin WP Activity Log Security Bypass (3.3.1.1)

Apache HTTP Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3185)

WordPress Plugin Arabic Font Multiple Vulnerabilities (1.2)

Severity

Medium

Classification

CVE-2014-9043 CWE-287

Tags

Missing Update Known Vulnerabilities