HackerOne | dashingjaved | H1:1450368
History: Jan 15, 2022 - 12:18 p.m.

Nextcloud: com.nextcloud.client bypass the protection lock in Android app v 3.18.1 latest version.

2022-01-15 12:18:26
dashingjaved
hackerone.com
$200
9
nextcloud
android
bypass lock

EPSS

0.001

Percentile

34.5%

Summary:

Nextcloud allowed multiple accounts within the Android client app on a single lock.

Steps To Reproduce:

1. Open the Nextcloud app.
2. Add a security password to protect the app.
3. Close the app.
Open the app again; it now shows the password prompt to open the app.

  1. So now the password protection bypass, let's start.
    2. Hold the Nextcloud app icon, see the app info and open it.
    3. Here there are three options: 1. Open, 2. Uninstall and 3. Force stop.
    Now click the Open button and see the app lock protection in the app, then open the app and go back, open and back, 3 to 4 times.
    Same procedure, and now you will see the app lock protection bypassed in the Nextcloud Android app.


Impact

If an attacker has physical access to an Android mobile without a screen lock, but with Nextcloud installed and set up, he can easily access the Nextcloud files.

Regards: Javed Ahmad
