CVE-2020-8236

Severity CVSS v4.0:
Pending analysis
Type:
CWE-287 Authentication Issues
Publication date:
02/11/2020
Last modified:
27/09/2022

Description

A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* 19.0.2 (excluding)