CVE-2018-3775 — Improper Authentication in Server

CWE-287 — Improper Authentication6 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 57.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Server Hackerone Nextcloud Server

Timeline

PublishedAug 12

Latest updateMay 13

Description

Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDnextcloud/nextcloud_server< 12.0.3

▶CVEListV5hackerone/nextcloud_server<12.0.3

🔴Vulnerability Details

GHSA

GHSA-2v55-qcx6-c482: Improper Authentication in Nextcloud Server prior to version 12↗2022-05-13

▶

CVEList

CVE-2018-3775: Improper Authentication in Nextcloud Server prior to version 12↗2018-08-12

▶

💬Community

Bugzilla

CVE-2018-3775 nextcloud: Improper authentication allows attackers with user credentials to bypass 2FA↗2018-08-22

▶

Bugzilla

CVE-2018-3775 nextcloud: Improper authentication allows attackers with user credentials to bypass 2FA [epel-7]↗2018-08-22

▶

Bugzilla

CVE-2018-3775 nextcloud: Improper authentication allows attackers with user credentials to bypass 2FA [fedora-all]↗2018-08-22

▶