First published: Mon Oct 26 2015(Updated: )
ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Owncloud Owncloud Desktop Client | <=1.8.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.