[Owncloud] Security flaw
Randolph Carter
randolphcarter at fantasymail.de
Thu Jun 20 20:29:09 UTC 2013
Sounds like one big security risk waiting to happen to me... not only
misconfiguration, but also e.g. intermediate server errors will leave
owncloud wide open for anyone to access?
Lukas Reschke <lukas at owncloud.org> schrieb:
On Thu, Jun 20, 2013 at 9:32 AM, Ron Trompert
<ron.trompert at surfsara.nl <mailto:ron.trompert at surfsara.nl>> wrote:
Yesterday I have installed Owncloud 5.0.7. I have configured the
admin user and in addition, I have allowed for other user to
authenticate themselves using another webdav server. All of this
works, but now I am able to login to the admin account using any
password.
You've most likely misconfigured the other WebDAV server, any
statuscode except 401 or 403 will be interpreted as valid login.
--
ownCloud
Your Cloud, Your Data, Your Way!
GPG: 0xEB32B77BA406BE99
------------------------------------------------------------------------
Owncloud mailing list
Owncloud at kde.org
https://mail.kde.org/mailman/listinfo/owncloud
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20130620/99516e98/attachment.html>
More information about the Owncloud
mailing list