Описание
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it.
Ссылки
- ExploitThird Party Advisory
- Broken LinkVendor Advisory
- ExploitThird Party Advisory
- Broken LinkVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 19.0.2 (исключая)
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.00234
Низкий
6.8 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-287
CWE-287
Связанные уязвимости
CVSS3: 6.8
debian
больше 4 лет назад
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the ...
CVSS3: 6.8
github
около 3 лет назад
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it.
EPSS
Процентиль: 46%
0.00234
Низкий
6.8 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-287
CWE-287