Beware of OAuth Redirect Vulnerability in ownCloud

CVE: CVE-2023-49104
CVSS v3.1: 8.7
Source: CVE-2023-49104

ownCloud is an open-source file sharing and collaboration platform, similar to Dropbox. A recently disclosed vulnerability in ownCloud's OAuth implementation could allow attackers to hijack user accounts.

The issue affects ownCloud versions before 0.6.1 when the "Allow Subdomains" setting is enabled. This setting permits OAuth callbacks to be redirected to subdomains of the configured redirect domain, but the redirect URL validation behind it was flawed.

Attackers could craft a redirect URL that passes this validation yet sends the callback to a domain they control, letting them intercept OAuth tokens intended for the legitimate ownCloud domain and hijack user accounts.
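As an added illustration (not ownCloud's code; the weak check is a hypothetical pattern, not the oauth2 app's actual flaw), the following Python contrasts a lax "allow subdomains" match with a hardened redirect_uri validator. The registered callback and the candidate hostnames are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed for this example: the callback registered for a hypothetical client.
REGISTERED = "https://cloud.example.com/apps/oauth2/callback"


def naive_allows(candidate: str, registered: str = REGISTERED) -> bool:
    """Illustrative weak 'allow subdomains' check (a hypothetical pattern, not
    ownCloud's code): any host that merely *contains* the registered host passes."""
    reg_host = urlsplit(registered).hostname or ""
    cand_host = urlsplit(candidate).hostname or ""
    return reg_host in cand_host


def strict_allows(candidate: str, registered: str = REGISTERED,
                  allow_subdomains: bool = True) -> bool:
    """Hardened check: https only, same port and path, no credentials or fragment,
    and a host that is the registered host or a true child of it. The '.' label
    boundary is what rejects look-alike hosts and the registered host used as a
    prefix of an unrelated domain."""
    try:
        reg, cand = urlsplit(registered), urlsplit(candidate)
        reg_port, cand_port = reg.port, cand.port  # ValueError on a bad port
    except ValueError:
        return False
    if cand.scheme != "https" or reg.scheme != "https":
        return False
    if cand.username is not None or cand.password is not None or cand.fragment:
        return False
    if cand_port != reg_port or cand.path != reg.path:
        return False
    reg_host, cand_host = reg.hostname or "", cand.hostname or ""
    if not reg_host or not cand_host:
        return False
    if cand_host == reg_host:
        return True
    return allow_subdomains and cand_host.endswith("." + reg_host)


if __name__ == "__main__":
    for uri in (
        "https://cloud.example.com/apps/oauth2/callback",                # registered
        "https://eu.cloud.example.com/apps/oauth2/callback",             # true subdomain
        "https://evilcloud.example.com/apps/oauth2/callback",            # sibling, not child
        "https://cloud.example.com.attacker.test/apps/oauth2/callback",  # host as prefix
        "http://cloud.example.com/apps/oauth2/callback",                 # scheme downgrade
    ):
        print(f"naive={naive_allows(uri)!s:5} strict={strict_allows(uri)!s:5} {uri}")
```

The naive variant accepts the third, fourth and fifth URLs; the strict one accepts only the registered host and its genuine subdomain, and rejects the subdomain too when `allow_subdomains` is False.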

If exploited, an attacker could access files in a user's ownCloud account and steal sensitive personal or business data. They may also be able to reach other accounts linked to the same email address or phone number.

To protect yourself, update ownCloud to version 0.6.1 or higher, which fixes the validation issue. Also avoid clicking untrusted links or downloading files from unknown sources, since phishing remains a top attack method, and use strong, unique passwords for all your important online accounts.
