Nextcloud: bypass of 2FA

ID H1:248656
Type hackerone
Reporter kaysbugs
Modified 2018-07-29T20:38:19


Improper protection of the 2FA login made a bypass of the 2FA possible. The bug required to know user credentials but effectively rendered the 2FA ineffective.

The issue has been fixed by the Nextcloud team and has been validated by the reporter.