diff options
Diffstat (limited to 'advisories/nc-sa-2018-007.php')
-rw-r--r-- | advisories/nc-sa-2018-007.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/advisories/nc-sa-2018-007.php b/advisories/nc-sa-2018-007.php index 84345974..d26300c9 100644 --- a/advisories/nc-sa-2018-007.php +++ b/advisories/nc-sa-2018-007.php @@ -13,16 +13,16 @@ <p>CWE: <a href="https://cwe.mitre.org/data/definitions/287.html">Improper Authentication - Generic (CWE-287)</a></p> <p>HackerOne report: <a href="https://hackerone.com/reports/248656">248656</a></p> <h3>Description</h3> - <p><p>Improper authentication of the second factor challenge would allow an attacker that had access to user credentials to bypass the second factor validation completely.</p> -</p> + <p>Improper authentication of the second factor challenge would allow an attacker that had access to user credentials to bypass the second factor validation completely.</p> <h3>Affected Software</h3> <ul> <li>Nextcloud Server < <strong>12.0.3</strong> (2018-3775)</li> </ul> <h3>Action Taken</h3> - <p><p>The error has been fixed and regression tests are in place.</p> -</p> + <p>The error has been fixed and regression tests are in place.</p> + <h3>Resolution</h3> + <p>It is recommended that all instances are upgraded at least to Nextcloud 12.0.3.</p> <h3>Acknowledgements</h3> <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p> <ul> |