Lucene search
K

31 matches found

CVE
CVE
added 2020/11/16 12:36 a.m.84 views

CVE-2020-8152

CVE-2020-8152 affects Nextcloud Server 19.0.1 where server-side encryption keys are not adequately protected, enabling an attacker to replace the public key and later decrypt data. The vulnerability is described in Nextcloud advisory NC-SA-2020-040 and related disclosures; the issue concerns impr...

4.4CVSS4.9AI score0.0032EPSS
Exploits2References3Affected Software1
CNVD
CNVD
added 2020/11/16 12:0 a.m.2 views

Nextcloud Server server-side encryption key underprotection vulnerability (CNVD-2020-66860)

Nextcloud is a set of client-server software for creating file hosting services and using them. A server-side insufficient encryption key protection vulnerability exists in Nextcloud Server 19.0.1. An attacker can exploit the vulnerability to replace the public key and decrypt the encryption key...

4.4CVSS6.8AI score0.0032EPSS
Exploits2References1
CNVD
CNVD
added 2020/11/16 12:0 a.m.8 views

Nextcloud Server Server-Side Encryption Keys Insufficiently Protected Vulnerability

Nextcloud is a set of client-server software for creating file hosting services and using them. Nextcloud Server 19.0.1 suffers from an insufficiently protected server-side encryption key vulnerability. An attacker could exploit the vulnerability by replacing the encryption key...

8.1CVSS6.7AI score0.00727EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/10/15 12:0 a.m.4 views

PT-2020-20067 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 19.0.1 Description: The issue is related to insufficient protection of server-side encryption keys, allowing an attacker to replace these keys. Recommendations: For Nextcloud Server version 19.0.1, update to a version...

8.1CVSS5.6AI score0.01924EPSS
Exploits14References41
Nextcloud
Nextcloud
added 2020/10/03 12:0 a.m.31 views

Improper integrity protection of server-side encryption keys (NC-SA-2020-041)

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys...

5.5CVSS4AI score0.00727EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
added 2020/10/03 12:0 a.m.35 views

Improper confidentiality protection of server-side encryption keys (NC-SA-2020-040)

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on...

2.1CVSS3.6AI score0.0032EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologies
added 2020/09/11 12:0 a.m.6 views

PT-2020-19987 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 19.0.1 Description: The issue is related to insufficient protection of server-side encryption keys, allowing an attacker to replace the public key and potentially decrypt them later. This could lead to an elevation of...

8.1CVSS5.6AI score0.01924EPSS
Exploits14References45
Hacker One
Hacker One
added 2019/11/20 7:40 p.m.34 views

Nextcloud: Downgrade encryption scheme and break integrity through known-plaintext attack

The idea behind the Server Side Encryption is that you can move your encrypted files to an external party without that external party being able to to read or modify those files. Some time ago, Nextcloud switched from unauthenticated CFB cipher block mode to authenticated CTR cipher block mode in...

1.9CVSS0.5AI score0.00286EPSS
Exploits2
Hacker One
Hacker One
added 2019/11/08 2:19 p.m.30 views

Nextcloud: Improper integrity protection of server-side encryption keys

The public keys used for the server-side encryption are not integrity-protected. These can easily replaced by anyone who has access to the data-at-rest data even when the per-user-keys are enabled, as described in https://nextcloud.com/security/threat-model/. This holds true for all key types -...

5.5CVSS0.6AI score0.00727EPSS
Exploits1
The Hacker News
The Hacker News
added 2013/07/18 6:43 a.m.10 views

Google may introduce Anti-NSA surveillance encryption for Google Drive

Privacy protection in the services we use on a daily basis has been a big topic of conversation following accusations that Google, Microsoft, Apple and other large tech companies were working with government agencies to provide user data. According to a new report by CNet, Google may introduce...

6.5AI score
Exploits0
ThreatPost
ThreatPost
added 2011/10/04 2:0 p.m.5 views

Device Encryption for Exchange, 3.1

The iPhone 3GS was the first update to the device with features that were squarely targeted on the enterprise marketplace. However, after the 3GS was released in the last quarter of 2009, users of older iPhone models who upgraded to the accompanying 3.1 update to iOS suddenly found that they...

1.6AI score
Exploits0References1
Rows per page
Query Builder