CVE-2015-4456 Information

Description

ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored which allows man-in-the-middle attackers to bypass the user’s certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.

Reference

http://www.debian.org/security/2015/dsa-3363 http://www.securityfocus.com/bid/75354 https://github.com/owncloud/client/issues/3283 https://owncloud.org/security/advisory/?id=oc-sa-2015-009