Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file (NC-SA-2020-038)

A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file...

Nextcloud: Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file

First: The default encryption module bundled with the Nextcloud Server creates SHA256-HMAC based message authentication codes for each individual 6072 byte-sized block of data. These are the steps to calculate the MAC: Take the user password and harden it with SHA256-PBKDF2 denoted as $passPhrase...