CVE-2023-25818

HIGH Year: 2023
CVSS v3 Score
7.1
High
Weakness Type
CWE-307
View all →

Vulnerability Description

Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the password of another user and then brute force the 62^21 combinations for the password reset token. As of commit `704eb3aa` password reset attempts are now throttled. Note that 62^21 combinations would significant compute resources to brute force. None the less it is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2024-49597

HIGH
CVSS:7.2(High)

Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentia...

CWE-3072024

CVE-2019-20881

HIGH
CVSS:7.3(High)

An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.

CWE-3072019

CVE-2021-3412

HIGH
CVSS:7.3(High)

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduc...

CWE-3072021

CVE-2022-2525

HIGH
CVSS:7.3(High)

Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.

CWE-3072022

CVE-2023-2531

HIGH
CVSS:7.3(High)

Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3.

CWE-3072023

CVE-2023-45582

HIGH
CVSS:7.3(High)

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated...

CWE-3072023