Improper Authentication in Nextcloud Server by Nextcloud
CVE-2018-3775

8.8 HIGH

Key Information:

Vendor: Hackerone
CVE Published: 12 August 2018

What is CVE-2018-3775?

Nextcloud Server prior to version 12.0.3 has a vulnerability that allows attackers who have gained access to user credentials to bypass the two-factor authentication (2FA) protection mechanism. This flaw significantly increases the risk of unauthorized access to sensitive user data, as attackers can exploit this weakness to act as legitimate users.

Affected Version(s)

Nextcloud Server <12.0.3

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged