CVE-2018-16465
Nextcloud Server is affected when used with versions prior to 14.0.0. The issue is a missing state that would have enforced a second factor at login if the 2FA provider failed to load, effectively allowing a 2FA bypass under certain conditions. This vulnerability is described in advisories NC-SA-...