Nextcloud Server 24.x < 24.0.10, 25.x < 25.0.4 Missing Brute Force Protection Vulnerability (GHSA-v243-x6jc-42mp)

Nextcloud Server is prone to a missing brute force protection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2023-25818

Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the password of another user and then brute force the 62^21 combinations for the password reset token. As of commit 704eb3aa password reset attempts are now throttled. Note...