31 matches found
CVE-2020-8152
CVE-2020-8152 affects Nextcloud Server 19.0.1 where server-side encryption keys are not adequately protected, enabling an attacker to replace the public key and later decrypt data. The vulnerability is described in Nextcloud advisory NC-SA-2020-040 and related disclosures; the issue concerns impr...
Nextcloud Server server-side encryption key underprotection vulnerability (CNVD-2020-66860)
Nextcloud is a set of client-server software for creating file hosting services and using them. A server-side insufficient encryption key protection vulnerability exists in Nextcloud Server 19.0.1. An attacker can exploit the vulnerability to replace the public key and decrypt the encryption key...
Nextcloud Server Server-Side Encryption Keys Insufficiently Protected Vulnerability
Nextcloud is a set of client-server software for creating file hosting services and using them. Nextcloud Server 19.0.1 suffers from an insufficiently protected server-side encryption key vulnerability. An attacker could exploit the vulnerability by replacing the encryption key...
PT-2020-20067 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 19.0.1 Description: The issue is related to insufficient protection of server-side encryption keys, allowing an attacker to replace these keys. Recommendations: For Nextcloud Server version 19.0.1, update to a version...
Improper integrity protection of server-side encryption keys (NC-SA-2020-041)
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys...
Improper confidentiality protection of server-side encryption keys (NC-SA-2020-040)
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on...
PT-2020-19987 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 19.0.1 Description: The issue is related to insufficient protection of server-side encryption keys, allowing an attacker to replace the public key and potentially decrypt them later. This could lead to an elevation of...
Nextcloud: Downgrade encryption scheme and break integrity through known-plaintext attack
The idea behind the Server Side Encryption is that you can move your encrypted files to an external party without that external party being able to to read or modify those files. Some time ago, Nextcloud switched from unauthenticated CFB cipher block mode to authenticated CTR cipher block mode in...
Nextcloud: Improper integrity protection of server-side encryption keys
The public keys used for the server-side encryption are not integrity-protected. These can easily replaced by anyone who has access to the data-at-rest data even when the per-user-keys are enabled, as described in https://nextcloud.com/security/threat-model/. This holds true for all key types -...
Google may introduce Anti-NSA surveillance encryption for Google Drive
Privacy protection in the services we use on a daily basis has been a big topic of conversation following accusations that Google, Microsoft, Apple and other large tech companies were working with government agencies to provide user data. According to a new report by CNet, Google may introduce...
Device Encryption for Exchange, 3.1
The iPhone 3GS was the first update to the device with features that were squarely targeted on the enterprise marketplace. However, after the 3GS was released in the last quarter of 2009, users of older iPhone models who upgraded to the accompanying 3.1 update to iOS suddenly found that they...