ownCloud Username Enumeration Vulnerability in share.php Endpoint
Vulnerability
A username enumeration vulnerability has been identified in ownCloud version 8.1.8. This vulnerability allows remote attackers to discover user accounts by manipulating the share.php endpoint. By sending crafted GET requests to the share.php endpoint with a wildcard search parameter, attackers can retrieve detailed user information, thereby enumerating usernames on the platform.
Impact
Exploitation of this vulnerability allows for username enumeration, which could be used in conjunction with other attacks, such as password guessing or phishing.
Reproduction
To reproduce this vulnerability, first create an account in ownCloud 8.1.8. Then, intercept the connection using a tool like Burp Suite. Share a file while typing anything in the share dialog. Burp will capture the request, which can be sent to the Repeater. In the Repeater, change the search parameter to a wildcard search. The response will include a JSON object with all username information.
Remediation
Users are advised to update to ownCloud version 10.0.0 or later, where this vulnerability has been addressed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.