CVE-2020-8173 - OpenCVE

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Nextcloud	Nextcloud Server

Configuration 1 [-]

OR	cpe:2.3:a:nextcloud:nextcloud_server::::::::
	cpe:2.3:a:nextcloud:nextcloud_server::::::::

References

Link	Resource
https://hackerone.com/reports/852841	Exploit Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2020-023	Broken Link Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2020-10-30T18:12:26

Updated: 2020-10-30T18:12:26

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8173

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-11-02T21:15:34.710

Modified: 2022-09-27T15:49:40.023

Link: CVE-2020-8173

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "08EA63FB-C11B-4333-B006-74AE9EF83F61", "versionEndExcluding": "17.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "98AEFCB4-A95C-4A28-A752-629BCE6DBAE5", "versionEndExcluding": "18.0.5", "versionStartIncluding": "18.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended."}, {"lang": "es", "value": "Un conjunto muy peque\u00f1o de caracteres aleatorios que est\u00e1n siendo utilizados para el cifrado en Nextcloud Server versi\u00f3n 18.0.4, permiti\u00f3 el descifrado en un tiempo m\u00e1s corto del previsto"}], "id": "CVE-2020-8173", "lastModified": "2022-09-27T15:49:40.023", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-02T21:15:34.710", "references": [{"source": "support@hackerone.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackerone.com/reports/852841"}, {"source": "support@hackerone.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-023"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-310"}], "source": "support@hackerone.com", "type": "Secondary"}]}