Computer Security
[EN] securityvulns.ru no-pyccku


owncloud client server spoofing
Published:25.10.2015
Source:
SecurityVulns ID:14746
Type:m-i-t-m
Threat Level:
5/10
Description:Server certificate spoofing is possible.
Affected:OWNCLOUD : owncloud-client 1.8
CVE:CVE-2015-4456 (ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3363-1] owncloud-client security update (25.10.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod