CVE-2016-9463 (GCVE-0-2016-9463)
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
3.86% (0.87577)
Summary
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.
References
support@hackerone.comhttps://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274Issue Tracking, Patch, Third Party Advisory
support@hackerone.comhttps://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087Issue Tracking, Patch, Third Party Advisory
support@hackerone.comhttps://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791Issue Tracking, Patch, Third Party Advisory
support@hackerone.comhttps://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732Issue Tracking, Patch, Third Party Advisory
support@hackerone.comhttps://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3Issue Tracking, Patch, Third Party Advisory
support@hackerone.comhttps://hackerone.com/reports/148151Exploit, Third Party Advisory
support@hackerone.comhttps://nextcloud.com/security/advisory/?id=nc-sa-2016-006Patch, Vendor Advisory
support@hackerone.comhttps://owncloud.org/security/advisory/?id=oc-sa-2016-017Patch, Vendor Advisory
support@hackerone.comhttps://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://hackerone.com/reports/148151Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://nextcloud.com/security/advisory/?id=nc-sa-2016-006Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://owncloud.org/security/advisory/?id=oc-sa-2016-017Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/Exploit, Technical Description, Third Party Advisory
Impacted products
Vendor Product Version
n/a Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 Version: Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T02:50:38.584Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://hackerone.com/reports/148151",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://owncloud.org/security/advisory/?id=oc-sa-2016-017",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9",
                  },
               ],
            },
         ],
         datePublic: "2017-03-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-303",
                     description: "Incorrect Implementation of Authentication Algorithms (CWE-303)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-03-28T02:57:01",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://hackerone.com/reports/148151",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://owncloud.org/security/advisory/?id=oc-sa-2016-017",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2016-9463",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Incorrect Implementation of Authentication Algorithms (CWE-303)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274",
                     refsource: "MISC",
                     url: "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274",
                  },
                  {
                     name: "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791",
                     refsource: "MISC",
                     url: "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791",
                  },
                  {
                     name: "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/",
                     refsource: "MISC",
                     url: "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/",
                  },
                  {
                     name: "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732",
                     refsource: "MISC",
                     url: "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732",
                  },
                  {
                     name: "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3",
                     refsource: "MISC",
                     url: "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3",
                  },
                  {
                     name: "https://hackerone.com/reports/148151",
                     refsource: "MISC",
                     url: "https://hackerone.com/reports/148151",
                  },
                  {
                     name: "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087",
                     refsource: "MISC",
                     url: "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087",
                  },
                  {
                     name: "https://owncloud.org/security/advisory/?id=oc-sa-2016-017",
                     refsource: "MISC",
                     url: "https://owncloud.org/security/advisory/?id=oc-sa-2016-017",
                  },
                  {
                     name: "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006",
                     refsource: "MISC",
                     url: "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2016-9463",
      datePublished: "2017-03-28T02:46:00",
      dateReserved: "2016-11-19T00:00:00",
      dateUpdated: "2024-08-06T02:50:38.584Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.0.54\", \"matchCriteriaId\": \"D6E3F368-B854-430E-AB8F-496675C4E210\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndExcluding\": \"10.0.1\", \"matchCriteriaId\": \"8288B81D-CA35-46EB-A7E7-B60B193E3F81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.2.0\", \"versionEndExcluding\": \"8.2.9\", \"matchCriteriaId\": \"D681D54F-2420-4791-98D3-74E8A2E5F919\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndExcluding\": \"9.0.4\", \"matchCriteriaId\": \"E4E30105-E26E-4913-8597-66C1C4ABA11B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.1.0\", \"versionEndExcluding\": \"9.1.2\", \"matchCriteriaId\": \"8E9501A9-E507-4A81-954B-D6D3223EE2F8\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Nextcloud Server en versiones anteriores a 9.0.54 y 10.0.1 y ownCloud Server en versiones anteirores a 9.1.2, 9.0.6 y 8.2.9 sufren de Bypass de autenticaci\\u00f3n de usuario SMB. Nextcloud/ownCloud Incluye un componente de autenticaci\\u00f3n SMB opcional y no predeterminado que permite autenticar a los usuarios en un servidor SMB. Este backend se implementa de una manera que intenta conectarse a un servidor SMB y si eso sucede considerar al usuario conectado. El backend no tom\\u00f3 correctamente en cuenta los servidores SMB que tienen cualquier tipo de configuraci\\u00f3n an\\u00f3nima. Este es el valor predeterminado en los servidores SMB en la actualidad y permite a un atacante no autenticado acceder a una cuenta sin credenciales v\\u00e1lidas. Nota: El servidor SMB est\\u00e1 deshabilitado de forma predeterminada y requiere una configuraci\\u00f3n manual en el archivo de configuraci\\u00f3n Nextcloud/ownCloud. Si no has configurado el servidor SMB, no te ver\\u00e1s afectado por esta vulnerabilidad.\"}]",
         id: "CVE-2016-9463",
         lastModified: "2024-11-21T03:01:16.050",
         metrics: "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
         published: "2017-03-28T02:59:00.933",
         references: "[{\"url\": \"https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://hackerone.com/reports/148151\", \"source\": \"support@hackerone.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://nextcloud.com/security/advisory/?id=nc-sa-2016-006\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://owncloud.org/security/advisory/?id=oc-sa-2016-017\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://hackerone.com/reports/148151\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://nextcloud.com/security/advisory/?id=nc-sa-2016-006\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://owncloud.org/security/advisory/?id=oc-sa-2016-017\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}]",
         sourceIdentifier: "support@hackerone.com",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-303\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2016-9463\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2017-03-28T02:59:00.933\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Nextcloud Server en versiones anteriores a 9.0.54 y 10.0.1 y ownCloud Server en versiones anteirores a 9.1.2, 9.0.6 y 8.2.9 sufren de Bypass de autenticación de usuario SMB. Nextcloud/ownCloud Incluye un componente de autenticación SMB opcional y no predeterminado que permite autenticar a los usuarios en un servidor SMB. Este backend se implementa de una manera que intenta conectarse a un servidor SMB y si eso sucede considerar al usuario conectado. El backend no tomó correctamente en cuenta los servidores SMB que tienen cualquier tipo de configuración anónima. Este es el valor predeterminado en los servidores SMB en la actualidad y permite a un atacante no autenticado acceder a una cuenta sin credenciales válidas. Nota: El servidor SMB está deshabilitado de forma predeterminada y requiere una configuración manual en el archivo de configuración Nextcloud/ownCloud. Si no has configurado el servidor SMB, no te verás afectado por esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-303\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0.54\",\"matchCriteriaId\":\"D6E3F368-B854-430E-AB8F-496675C4E210\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.1\",\"matchCriteriaId\":\"8288B81D-CA35-46EB-A7E7-B60B193E3F81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndExcluding\":\"8.2.9\",\"matchCriteriaId\":\"D681D54F-2420-4791-98D3-74E8A2E5F919\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.4\",\"matchCriteriaId\":\"E4E30105-E26E-4913-8597-66C1C4ABA11B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.1.0\",\"versionEndExcluding\":\"9.1.2\",\"matchCriteriaId\":\"8E9501A9-E507-4A81-954B-D6D3223EE2F8\"}]}]}],\"references\":[{\"url\":\"https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/148151\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://nextcloud.com/security/advisory/?id=nc-sa-2016-006\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://owncloud.org/security/advisory/?id=oc-sa-2016-017\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/148151\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://nextcloud.com/security/advisory/?id=nc-sa-2016-006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://owncloud.org/security/advisory/?id=oc-sa-2016-017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.