Version disclosure #7399
Comments
Only hiding the information would not make Nextcloud more secure because the version could be exploited by other files (e.g. CSS) too :)
It will not make Nextcloud more secure but it will be harder to find the version! It can slow down bots looking for exploitable versions of Nextcloud. It is pointless to keep it public...
It is just one more line in the hacker's script ;)
So tell me, what are the other ways of finding the version?
Are you saying that to find the version, an attacker just has to hash a file and compare it with a database to retrieve the version? Because you can't determine a version based on that... CSS files will not necessarily change between two versions
=> it's more work to get around this, without real benefit.
I think hiding the version in the status.php file from anonymous users could be great. Even if I'm pretty sure there are other ways to find the version of the installed instance, it makes it easier for attackers to find public exploits based on the version.