Glewlwyd SSO server 缓冲区错误漏洞

The Glewlwyd SSO server is a single sign-on SSO server for multi-factor authentication for OAuth2 and OpenID Connect authentication. A security vulnerability exists in Glewlwyd SSO server 2.5.3, which stems from a buffer overflow in scheme/webauthn.c during FIDO2 signature validation in webauthn...

Bypass of Two Factor Authentication

None...

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1068-1 Rating: important References: 1181445 1181803 1181804 1188247 1188248 1188249 1188250 1188251 1188252 1188253 1188254 1188255 1188256 Cross-References: CVE-2020-8293 CVE-2020-8294 CVE-2020-8295...

Unspecified Vulnerability in Nextcloud (CNVD-2021-51799)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server versions prior to 19.0.13, 20.011, and 21.0.3, which stems from the fact that the webauthn token is not...

CVE-2021-32726

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fix...

CVE-2021-32726

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fix...

Code injection

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fix...

CVE-2021-32726

Summary (CVE-2021-32726) Nextcloud Server versions prior to 19.0.13, 20.0.11, and 21.0.3 did not delete webauthn tokens after a user was deleted, allowing a previously used username to gain access to that account. The issue has been fixed in 19.0.13, 20.0.11, and 21.0.3. There are no known workar...

CVE-2021-32726 Webauthn tokens not removed after user has been deleted

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fix...

Webauthn tokens not removed after user has been deleted

None...

PT-2021-19887 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.13 Nextcloud Server versions prior to 20.0.11 Nextcloud Server versions prior to 21.0.3 Description: The issue concerns the handling of webauthn tokens in Nextcloud Server. In affected versions, webauth...

Nextcloud安全漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server versions prior to 19.0.13, 20.011, and 21.0.3, which stems from the fact that the webauthn token is not...

CVE-2021-3632

A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow...

Nextcloud: Webauthn tokens are not removed on user deletion

userA has an account on serverA 2. userA enables passwordless login webauthn and registers a key/device 3. userA is removed from the system 4. a new user comes along and gets assigned userA as id 5. the old userA tries to login with their key 6. the old userA can see all data of the new userA...

Beyond MFA: Rethinking the Authentication Key

You have to hand it to the cyber-thieves: They have proven extremely adept at defeating security measures once thought reliable. Case in point: multifactor authentication MFA. While two-factor authentication 2FA using push text notifications has become the de-facto standard for login security, ba...

Smartphones are not the problem with MFA security

We've recently seen big attacks play out on prominent technology companies despite their use of smartphone-based multi-factor authentication. These attacks are real, they do happen, and it appears that even the smartphone cannot protect us anymore. While this conclusion may be tempting, it actual...

Nextcloud Server Authorization Issues Vulnerability (CNVD-2020-64589)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An authorization issue vulnerability exists in Nextcloud Server 19.0.1, which stems from a misconfiguration that allows users to feel that a passwordless...

CVE-2020-8236

A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it...

CVE-2020-8236

A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it...

Design/Logic Flaw

A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it...