PT-2012-5366 · Owncloud · Owncloud

Kurt Seifried · Published 2012-09-05 · Updated 2025-03-31 · CVE-2012-4392

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ownCloud version 4.0.7

Description

The index.php file does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication by supplying a crafted oc_token cookie value.

Recommendations

For ownCloud version 4.0.7, consider updating to a newer version that properly validates the oc_token cookie to prevent authentication bypass. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2012-4392

Affected Products

Owncloud