Insufficient Randomness in Encryption Algorithm in Nextcloud Server by Nextcloud
CVE-2020-8173

2.2LOW

Key Information:

Vendor: Nextcloud
Status: Nextcloud Server
Vendor: CVE Published:; 2 November 2020

What is CVE-2020-8173?

Nextcloud Server 18.0.4 has a vulnerability where a limited set of random characters is utilized for encryption. This flaw may enable an adversary to decrypt data more quickly than intended, posing significant security risks. It emphasizes the necessity for robust encryption methods that ensure sufficient randomness to safeguard sensitive information effectively.

Affected Version(s)

Nextcloud Server 18.0.4

References

https://hackerone.com/reports/852841

x_refsource_MISC

https://nextcloud.com/security/advisory/?id=NC-SA-2020-023

x_refsource_MISC

CVSS V3.1

Score:

2.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2020
Vulnerability Reserved
Jan 28, 2020