ownCloud file sharing app faces admin passwords breach due to critical bug

Critical bug exposes ownCloud admin passwords

ownCloud faces a critical security challenge with three vulnerabilities

ownCloud, a popular choice for businesses, educational institutions, and privacy-conscious individuals, has issued three critical security warnings. The most serious flaw, CVE-2023-49103,[1] allows attackers to steal credentials[2] and configuration information in containerized deployments. This flaw is caused by the app's reliance on a third-party library, which inadvertently exposes PHP environment details via a URL. ownCloud admin passwords, mail server credentials, and license keys were among the data exposed.

ownCloud recommends a series of steps to address this, including deleting a specific file, disabling the 'phpinfo' function in Docker containers, and updating potentially exposed secrets. It is critical to note that simply disabling the affected app does not eliminate the vulnerability, emphasizing the importance of administrators implementing the recommended fixes as soon as possible.

Authentication bypass flaw in ownCloud core library

This flaw allows attackers to access, modify, or delete files without authentication if they know the user's username and the user has not configured a signing key (the default setting). This flaw not only raises concerns about unauthorized access to sensitive data, but it also highlights the possibility of malicious activity within the ownCloud ecosystem. Exploiting this flaw could result in unauthorized modifications or deletions of critical files, disrupting business operations and jeopardizing data integrity.

To mitigate this risk, ownCloud strongly advises administrators to deny the use of pre-signed URLs if the file owner's signing key is not configured. This proactive approach is critical in protecting the confidentiality and integrity of data stored within ownCloud, emphasizing the critical need for administrators to apply security patches and updates as soon as possible to avoid any potential exploitation of this high-severity vulnerability.

Subdomain validation bypass raises concerns

Attackers can exploit a flaw in the oauth2 app to enter a specially crafted redirect URL, bypassing validation and redirecting callbacks to an attacker-controlled domain. While the severity is lower, this vulnerability adds an extra layer of risk to the ownCloud environment. The ability of attackers to manipulate the redirection mechanism opens the door to phishing attacks and other malicious activities, putting user interactions at risk.

Recognizing the importance of comprehensive security measures, ownCloud suggests hardening the validation code in the oauth2 app to reduce potential avenues for exploitation. Disabling the “Allow Subdomains” option temporarily serves as a valuable interim measure until a more robust solution is implemented. Even with a lower severity score, the subdomain validation bypass[3] issue highlights the need for ownCloud to implement a proactive and layered security strategy in order to effectively thwart various potential threats and maintain the platform's overall security stance.
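What hardened redirect validation with an optional subdomain allowance can look like, as an added Python sketch that is not ownCloud's code or its actual fix. The function name, the exact-match policy for path and query, and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def _port(parts):
    # An explicit port wins; otherwise fall back to the scheme default.
    return parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme)


def redirect_allowed(candidate, registered, allow_subdomains=False):
    """Return True only if `candidate` may receive the OAuth2 callback.

    `registered` is the redirect URL stored for the client (hypothetical input).
    """
    # Backslashes and whitespace are parsed differently by browsers and
    # server-side URL libraries, so refuse them outright.
    if any(ch in candidate for ch in "\\ \t\r\n"):
        return False
    try:
        cand, reg = urlsplit(candidate), urlsplit(registered)
        cand_port, reg_port = _port(cand), _port(reg)
    except ValueError:  # malformed port or bracketed host
        return False
    if cand.scheme not in DEFAULT_PORTS or cand.scheme != reg.scheme:
        return False
    # user:pass@host forms make the visible prefix differ from the real host.
    if cand.username is not None or cand.password is not None:
        return False
    if cand_port != reg_port or cand.fragment:
        return False
    # Path and query must match the registration exactly.
    if (cand.path or "/", cand.query) != (reg.path or "/", reg.query):
        return False
    cand_host = (cand.hostname or "").rstrip(".")
    reg_host = (reg.hostname or "").rstrip(".")
    if not cand_host or not reg_host:
        return False
    if cand_host == reg_host:
        return True
    # A subdomain match needs the dot boundary, not a bare suffix comparison.
    return allow_subdomains and cand_host.endswith("." + reg_host)


# Constructed sample registration (reserved example domain).
REGISTERED = "https://app.example.com/callback"
```

With `allow_subdomains=False` the check reduces to an exact host match, which corresponds to the interim measure of disabling the “Allow Subdomains” option.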

The consequences are severe, ranging from the exposure of sensitive information to the possibility of stealthy data theft and phishing attacks. The constant targeting of file-sharing platforms by ransomware groups such as CLOP emphasizes the need for ownCloud administrators to apply recommended fixes and perform necessary library updates as soon as possible. In the face of evolving cybersecurity challenges, immediate action is required to mitigate risks and ensure the continued security of the ownCloud environment.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
