CVE-2020-8236

CVE-2020-8236

Vendor N/A
Product Nextcloud Server
Weakness CWE-287 · Improper authentication
Published October 30, 2020
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it.

Key dates

02Disclosure timeline

October 30, 2020 CVE published
August 4, 2024 Record updated