Date published: 2015-02-04T13:59:00.057-05:00
Date last modified: 2015-02-05T10:20:08.403-05:00
CVSS Score: 4.3
Principal attack vector: NETWORK
Reference URL: https://owncloud.org/security/advisory/?id=oc-sa-2014-019
Summary: The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network.