Lucene search
RtodH1:1202590HistoryMay 19, 2021 - 12:07 p.m.
Nextcloud: Webauthn tokens are not removed on user deletion
2021-05-1912:07:33
rtod
hackerone.com
114
nextcloud
webauthn
tokens
user deletion
unauthorized access
data cleanup
bugbounty
EPSS
0.003
Percentile
71.2%
- userA has an account on serverA
- userA enables passwordless login (webauthn) and registers a key/device
- userA is removed from the system
- a new user comes along and gets assigned userA as id
- the old userA tries to login with their key
- the old userA can see all data of the new userA
Impact
This can lead to an unauthorized actor gaining full access to the data of another user.
As suggested in https://hackerone.com/reports/1200700 a blocklist of old userids would help here. However the data should all be cleaned up as well of course!
Related
cve
cve
CVE-2021-32726
2021-07-12 20:15:10
nextcloud
nextcloud
Webauthn tokens not removed after user has been deleted
2021-07-12 09:22:25
osv
osv
CVE-2021-32726
2021-07-12 20:15:10
prion
prion
Code injection
2021-07-12 20:15:00
cvelist
cvelist
CVE-2021-32726 Webauthn tokens not removed after user has been deleted
2021-07-12 19:45:13
nvd
nvd
CVE-2021-32726
2021-07-12 20:15:10
archlinux
archlinux
[ASA-202107-22] nextcloud: multiple issues
2021-07-14 00:00:00
openvas
openvas
Nextcloud Server Multiple Vulnerabilities (Jul 2021)
2021-07-16 00:00:00
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1068-1)
2021-07-21 00:00:00
nessus
nessus
openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1068-1)
2021-07-21 00:00:00
GLSA-202208-17 : Nextcloud: Multiple Vulnerabilities
2022-08-16 00:00:00
suse
suse
Security update for nextcloud (important)
2021-07-21 00:00:00
gentoo
gentoo
Nextcloud: Multiple Vulnerabilities
2022-08-10 00:00:00