Lucene search
HackeroneCVELIST:CVE-2020-8236HistoryOct 30, 2020 - 6:11 p.m.
CVE-2020-8236
2020-10-3018:11:49
CWE-287
hackerone
www.cve.org
8
nextcloud
server
webauthn
authentication
security vulnerability
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it.
CNA Affected
[
{
"product": "Nextcloud Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "19.0.2"
}
]
}
]Related
nvd
nvd
CVE-2020-8236
2020-11-02 21:15:34
openvas
openvas
Fedora: Security Advisory for nextcloud (FEDORA-2020-050aaa14f7)
2020-10-24 00:00:00
cve
cve
CVE-2020-8236
2020-11-02 21:15:34
nextcloud
nextcloud
PIN for passwordless WebAuthn is asked for but not verified (NC-SA-2020-037)
2020-08-25 00:00:00
hackerone
hackerone
Nextcloud: PIN for passwordless WebAuthn is asked for but not verified
2020-07-15 12:18:30
prion
prion
Design/Logic Flaw
2020-11-02 21:15:00
osv
osv
CVE-2020-8236
2020-11-02 21:15:34
fedora
fedora
[SECURITY] Fedora 33 Update: nextcloud-19.0.3-1.fc33
2020-10-23 22:24:15
nessus
nessus
Fedora 33 : nextcloud (2020-050aaa14f7)
2020-10-26 00:00:00