Lemmy
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
LordOthello@alien.topB to Self-Hosted Main@selfhosted.forumEnglish · 11 months ago

ownCloud vulnerability with maximum 10 severity score under “mass” exploitation

message-square
message-square
24
fedilink
0
message-square

ownCloud vulnerability with maximum 10 severity score under “mass” exploitation

LordOthello@alien.topB to Self-Hosted Main@selfhosted.forumEnglish · 11 months ago
message-square
24
fedilink

ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation | Ars Technica

“The vulnerability, which carries the maximum severity rating of 10, makes it possible to obtain passwords and cryptographic keys allowing administrative control of a vulnerable server by sending a simple Web request to a static URL”

  • jovialfaction@alien.topB
    link
    fedilink
    English
    arrow-up
    1    ·
    11 months ago

    That’s why I keep nextcloud behind http basic auth. Don’t trust those software to expose them directly to Internet.

    • ShapeShifter499@alien.topB
      link
      fedilink
      English
      arrow-up
      1      ·
      11 months ago

      This would prevent nextcloud sync and phone apps from proper access wouldn’t it?

    • Silencer306@alien.topB
      link
      fedilink
      English
      arrow-up
      1      ·
      11 months ago

      Like Authelia?

    • LuckyHedgehog@alien.topB
      link
      fedilink
      English
      arrow-up
      1      ·
      11 months ago

      Basic auth is better than no auth, but it is absolutely not a recommended auth method these days

      • jovialfaction@alien.topB
        link
        fedilink
        English
        arrow-up
        1        ·
        11 months ago

        I use it on top of nextcloud auth

        • LuckyHedgehog@alien.topB
          link
          fedilink
          English
          arrow-up
          1          ·
          11 months ago

          Basic auth is a base64 of your login credentials, might as well be plain text. You should absolutely not be using basic auth if you have other options

Self-Hosted Main@selfhosted.forum

main@selfhosted.forum

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !main@selfhosted.forum

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

For Example

  • Service: Dropbox - Alternative: Nextcloud
  • Service: Google Reader - Alternative: Tiny Tiny RSS
  • Service: Blogger - Alternative: WordPress

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

  • Awesome-Selfhosted List of Software
  • Awesome-Sysadmin List of Software
Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 1 user / day
  • 1 user / week
  • 1 user / month
  • 37 users / 6 months
  • 41 local subscribers
  • 504 subscribers
  • 1.81K Posts
  • 10.5K Comments
  • Modlog
  • mods:
  • communick@selfhosted.forum
  • UI: 0.19.5
  • BE: 0.19.6-beta.13
  • Modlog
  • Instances
  • Docs
  • Code
  • join-lemmy.org