cve-2016-9463
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
Summary
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.
References
support@hackerone.comhttps://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274Issue Tracking, Patch, Third Party Advisory
support@hackerone.comhttps://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087Issue Tracking, Patch, Third Party Advisory
support@hackerone.comhttps://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791Issue Tracking, Patch, Third Party Advisory
support@hackerone.comhttps://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732Issue Tracking, Patch, Third Party Advisory
support@hackerone.comhttps://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3Issue Tracking, Patch, Third Party Advisory
support@hackerone.comhttps://hackerone.com/reports/148151Exploit, Third Party Advisory
support@hackerone.comhttps://nextcloud.com/security/advisory/?id=nc-sa-2016-006Patch, Vendor Advisory
support@hackerone.comhttps://owncloud.org/security/advisory/?id=oc-sa-2016-017Patch, Vendor Advisory
support@hackerone.comhttps://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://hackerone.com/reports/148151Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://nextcloud.com/security/advisory/?id=nc-sa-2016-006Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://owncloud.org/security/advisory/?id=oc-sa-2016-017Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/Exploit, Technical Description, Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/148151"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-017"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9"
            }
          ]
        }
      ],
      "datePublic": "2017-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you\u0027re not affected by this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "Incorrect Implementation of Authentication Algorithms (CWE-303)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-28T02:57:01",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/148151"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-017"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2016-9463",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you\u0027re not affected by this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect Implementation of Authentication Algorithms (CWE-303)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274",
              "refsource": "MISC",
              "url": "https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274"
            },
            {
              "name": "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791",
              "refsource": "MISC",
              "url": "https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791"
            },
            {
              "name": "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/",
              "refsource": "MISC",
              "url": "https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/"
            },
            {
              "name": "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732",
              "refsource": "MISC",
              "url": "https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732"
            },
            {
              "name": "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3",
              "refsource": "MISC",
              "url": "https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3"
            },
            {
              "name": "https://hackerone.com/reports/148151",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/148151"
            },
            {
              "name": "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087",
              "refsource": "MISC",
              "url": "https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087"
            },
            {
              "name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-017",
              "refsource": "MISC",
              "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-017"
            },
            {
              "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006",
              "refsource": "MISC",
              "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-006"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2016-9463",
    "datePublished": "2017-03-28T02:46:00",
    "dateReserved": "2016-11-19T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.0.54\", \"matchCriteriaId\": \"D6E3F368-B854-430E-AB8F-496675C4E210\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndExcluding\": \"10.0.1\", \"matchCriteriaId\": \"8288B81D-CA35-46EB-A7E7-B60B193E3F81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.2.0\", \"versionEndExcluding\": \"8.2.9\", \"matchCriteriaId\": \"D681D54F-2420-4791-98D3-74E8A2E5F919\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndExcluding\": \"9.0.4\", \"matchCriteriaId\": \"E4E30105-E26E-4913-8597-66C1C4ABA11B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.1.0\", \"versionEndExcluding\": \"9.1.2\", \"matchCriteriaId\": \"8E9501A9-E507-4A81-954B-D6D3223EE2F8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you\u0027re not affected by this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Nextcloud Server en versiones anteriores a 9.0.54 y 10.0.1 y ownCloud Server en versiones anteirores a 9.1.2, 9.0.6 y 8.2.9 sufren de Bypass de autenticaci\\u00f3n de usuario SMB. Nextcloud/ownCloud Incluye un componente de autenticaci\\u00f3n SMB opcional y no predeterminado que permite autenticar a los usuarios en un servidor SMB. Este backend se implementa de una manera que intenta conectarse a un servidor SMB y si eso sucede considerar al usuario conectado. El backend no tom\\u00f3 correctamente en cuenta los servidores SMB que tienen cualquier tipo de configuraci\\u00f3n an\\u00f3nima. Este es el valor predeterminado en los servidores SMB en la actualidad y permite a un atacante no autenticado acceder a una cuenta sin credenciales v\\u00e1lidas. Nota: El servidor SMB est\\u00e1 deshabilitado de forma predeterminada y requiere una configuraci\\u00f3n manual en el archivo de configuraci\\u00f3n Nextcloud/ownCloud. Si no has configurado el servidor SMB, no te ver\\u00e1s afectado por esta vulnerabilidad.\"}]",
      "id": "CVE-2016-9463",
      "lastModified": "2024-11-21T03:01:16.050",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-03-28T02:59:00.933",
      "references": "[{\"url\": \"https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://hackerone.com/reports/148151\", \"source\": \"support@hackerone.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://nextcloud.com/security/advisory/?id=nc-sa-2016-006\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://owncloud.org/security/advisory/?id=oc-sa-2016-017\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://hackerone.com/reports/148151\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://nextcloud.com/security/advisory/?id=nc-sa-2016-006\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://owncloud.org/security/advisory/?id=oc-sa-2016-017\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-303\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-9463\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2017-03-28T02:59:00.933\",\"lastModified\":\"2024-11-21T03:01:16.050\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Nextcloud Server before 9.0.54 and 10.0.1 \u0026 ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you\u0027re not affected by this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Nextcloud Server en versiones anteriores a 9.0.54 y 10.0.1 y ownCloud Server en versiones anteirores a 9.1.2, 9.0.6 y 8.2.9 sufren de Bypass de autenticaci\u00f3n de usuario SMB. Nextcloud/ownCloud Incluye un componente de autenticaci\u00f3n SMB opcional y no predeterminado que permite autenticar a los usuarios en un servidor SMB. Este backend se implementa de una manera que intenta conectarse a un servidor SMB y si eso sucede considerar al usuario conectado. El backend no tom\u00f3 correctamente en cuenta los servidores SMB que tienen cualquier tipo de configuraci\u00f3n an\u00f3nima. Este es el valor predeterminado en los servidores SMB en la actualidad y permite a un atacante no autenticado acceder a una cuenta sin credenciales v\u00e1lidas. Nota: El servidor SMB est\u00e1 deshabilitado de forma predeterminada y requiere una configuraci\u00f3n manual en el archivo de configuraci\u00f3n Nextcloud/ownCloud. Si no has configurado el servidor SMB, no te ver\u00e1s afectado por esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-303\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0.54\",\"matchCriteriaId\":\"D6E3F368-B854-430E-AB8F-496675C4E210\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.1\",\"matchCriteriaId\":\"8288B81D-CA35-46EB-A7E7-B60B193E3F81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndExcluding\":\"8.2.9\",\"matchCriteriaId\":\"D681D54F-2420-4791-98D3-74E8A2E5F919\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.4\",\"matchCriteriaId\":\"E4E30105-E26E-4913-8597-66C1C4ABA11B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.1.0\",\"versionEndExcluding\":\"9.1.2\",\"matchCriteriaId\":\"8E9501A9-E507-4A81-954B-D6D3223EE2F8\"}]}]}],\"references\":[{\"url\":\"https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/148151\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://nextcloud.com/security/advisory/?id=nc-sa-2016-006\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://owncloud.org/security/advisory/?id=oc-sa-2016-017\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nextcloud/apps/commit/b85ace6840b8a6704641086bc3b8eb8e81cb2274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nextcloud/apps/commit/decb91fd31f4ffab191cbf09ce4e5c55c67a4087\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/apps/commit/16cbccfc946c8711721fa684d78135ca1fb64791\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/apps/commit/5d47e7b52646cf79edadd78ce10c754290cbb732\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/apps/commit/a0e07b7ddd5a5fd850a6e07f8457d05b76a300b3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/148151\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://nextcloud.com/security/advisory/?id=nc-sa-2016-006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://owncloud.org/security/advisory/?id=oc-sa-2016-017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.