CVE-2020-8173Missing Encryption of Sensitive Data in Server

CWE-310CWE-311Missing Encryption of Sensitive Data3 documents3 sources
Severity
2.2LOWNVD
EPSS
0.1%
top 74.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nextcloud Server
Timeline
PublishedNov 2
Latest updateMay 24

Description

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 0.7 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/nextcloud_server18.0.018.0.5+1
CVEListV5nextcloud/nextcloud_server18.0.4

🔴Vulnerability Details

2
GHSA
GHSA-v9r7-gccq-cp4v: A too small set of random characters being used for encryption in Nextcloud Server 182022-05-24
CVEList
CVE-2020-8173: A too small set of random characters being used for encryption in Nextcloud Server 182020-10-30
CVE-2020-8173 — Missing Encryption of Sensitive Data | cvebase