CVE-2012-4392

Published: Sep 5, 2012Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.

Affected (1)

Products: Owncloud: Owncloud Server

Owncloud

1 product

Owncloud Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Owncloud Owncloud Server	Version 4.0.7

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

http://www.openwall.com/lists/oss-security/2012/08/11/1

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/09/02/2

Source: secalert@redhat.com

https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a

Source: secalert@redhat.com

ExploitPatch

http://www.openwall.com/lists/oss-security/2012/08/11/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/09/02/2

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

Timeline

No history available yet.