CVE-2016-9463

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-9463
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9463.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-9463
Published
2017-03-28T02:59:00Z
Modified
2024-06-06T12:02:15.505696Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.

References

Affected packages

Git / github.com/nextcloud/apps

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/apps
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Type
GIT
Repo
https://github.com/nextcloud/server
Events
Type
GIT
Repo
https://github.com/owncloud-archive/apps
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed
Type
GIT
Repo
https://github.com/owncloud/core
Events

Affected versions

v10.*

v10.0.0
v10.0.1RC1
v10.0.1RC2
v10.0.1RC3
v10.0.1RC4
v10.0.1RC5

v4.*

v4.5.0
v4.5.0RC1
v4.5.0RC2
v4.5.0RC3
v4.5.0beta1
v4.5.0beta2
v4.5.0beta3
v4.5.0beta4

v5.*

v5.0.0
v5.0.0RC1
v5.0.0RC2
v5.0.0RC3
v5.0.0alpha1
v5.0.0beta2

v6.*

v6.0.0RC1
v6.0.0RC2
v6.0.0RC3
v6.0.0alpha2
v6.0.0beta2
v6.0.0beta3
v6.0.0beta4
v6.0.0beta5

v7.*

v7.0.0RC1
v7.0.0alpha2
v7.0.0beta1

v8.*

v8.0.0
v8.0.0RC1
v8.0.0RC2
v8.0.0alpha1
v8.0.0alpha2
v8.0.0beta1
v8.0.0beta2
v8.1.0
v8.1.0alpha1
v8.1.0alpha2
v8.1.0beta1
v8.1.0beta2
v8.1.1beta
v8.1.1beta1
v8.1RC2
v8.2.0
v8.2.1
v8.2.1RC1
v8.2.1RC2
v8.2.1RC3
v8.2.1RC4
v8.2.2
v8.2.2RC1
v8.2.3
v8.2.3RC1
v8.2.3RC2
v8.2.4
v8.2.4RC1
v8.2.4RC2
v8.2.5
v8.2.5RC1
v8.2.5RC2
v8.2.6
v8.2.6RC1
v8.2.7
v8.2.7RC1
v8.2.8
v8.2.8RC1
v8.2.8RC2
v8.2RC1
v8.2RC2
v8.2RC3
v8.2beta1

v9.*

v9.0.0
v9.0.0RC1
v9.0.0RC2
v9.0.0RC3
v9.0.0beta2
v9.0.1
v9.0.1RC1
v9.0.1RC2
v9.0.1beta
v9.0.2
v9.0.2RC1
v9.0.2RC2
v9.0.3
v9.0.3RC1
v9.0.4
v9.0.4RC1
v9.0.5
v9.0.5RC1
v9.0.5RC2
v9.0beta1
v9.1.0
v9.1.0RC1
v9.1.0RC2
v9.1.0RC3
v9.1.0RC4
v9.1.0beta1
v9.1.0beta2
v9.1.1
v9.1.1RC1
v9.1.1RC2
v9.1.1RC3