Possible denial of service when entering a long password (NC-SA-2020-028)
16th June 2020
Risk level: Low
CVSS v3 Base Score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
HackerOne report: 840598
An improper check of inputs in the Preferred providers app 1.6.0 allowed an attacker to perform a denial of service attack by using a very long password.
- Nextcloud Preferred_providers < 1.7.0 (CVE-2020-8202)
The error has been fixed.
It is recommended that the Preferred providers app is upgraded to 1.7.0.
The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Abhishek Raj (email@example.com) - Vulnerability discovery and disclosure.
This advisory is licensed CC BY-SA 4.0.