CVE-2021-32800: Bypass of Two Factor Authentication in Nextcloud server
First published: Tue Sep 07 2021(Updated: )
Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. There are no workaround for this vulnerability.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Nextcloud Server | <20.0.12 | |
| Nextcloud Nextcloud Server | >=21.0.0<21.0.4 | |
| Nextcloud Nextcloud Server | >=22.0.0<22.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/nextcloud
- canonical/nextcloud nextcloud server
- version/nextcloud nextcloud server/21.0.0
- version/nextcloud nextcloud server/22.0.0