CVE-2014-9043 Information

Description

The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name which triggers an unauthenticated bind.

Reference

https://owncloud.org/security/advisory/?id=oc-sa-2014-020