CVE Vulnerabilities

CVE-2023-28997

Reusing a Nonce, Key Pair in Encryption

Published: Apr 04, 2023 | Modified: Apr 10, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.

Weakness

Nonces should be used for the present occasion and only once.

Affected Software

Name Vendor Start Version End Version
Desktop Nextcloud 3.0.0 *

Potential Mitigations

References