Nextcloud: bypass of 2FA

2017-07-12T10:10:33
ID H1:248656
Type hackerone
Reporter kaysbugs
Modified 2018-07-29T20:38:19

Description

Improper protection of the 2FA login made a bypass of the 2FA possible. The bug required to know user credentials but effectively rendered the 2FA ineffective.

The issue has been fixed by the Nextcloud team and has been validated by the reporter.