Filtered by vendor Nextcloud
Subscriptions
Filtered by product Two-factor Webauthn
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66558 | 1 Nextcloud | 2 Two-factor Webauthn, Twofactor Webauthn | 2025-12-09 | 3.1 Low |
| Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would then be prompted to register a new device on the next login. The attacker can not authenticate as the victim. This vulnerability is fixed in 1.4.2 and 2.4.1. | ||||
Page 1 of 1.