ownCloud vulnerability can be used to extract admin passwords

From malwarebytes.com

ownCloud has warned users about three critical security flaws in its file-sharing software which, if exploited, could reveal sensitive information and modify files. An especially and potentially impactful one is a vulnerability that could lead to disclosure of sensitive credentials and configuration in containerized deployments.

ownCloud is a very widely used open-source project that allows users to host and sync files. ownCloud says on its own website that it has 200 million users, including 600 enterprises.

The vulnerabilities stem from one of the building blocks of the project.

Read more…