3 matches found
Nextcloud Server 24.x < 24.0.10, 25.x < 25.0.4 Missing Brute Force Protection Vulnerability (GHSA-v243-x6jc-42mp)
Nextcloud Server is prone to a missing brute force protection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2023-25818 Missing brute force protection on password reset token in Nextcloud Server
Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the password of another user and then brute force the 62^21 combinations for the password reset token. As of commit 704eb3aa password reset attempts are now throttled. Note...
CVE-2023-25818
CVE-2023-25818 affects Nextcloud Server in multiple versions: 24.0.0–24.0.10 and 25.0.0–25.0.4 (and related Enterprise/server variants). The root cause is lack of brute-force protection on authentication-related endpoints (password resets), enabling potential password-guessing attacks. A throttle...