Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nextcloud_server | Nextcloud | * | 20.0.0 (excluding) |