Nextcloud · Nextcloud Server · CVE-2020-8236
**Name of the Vulnerable Software and Affected Versions**
Nextcloud Server version 19.0.1
**Description**
The issue arises from a misconfiguration in Nextcloud Server, where the user is incorrectly led to believe that passwordless WebAuthn also serves as two-factor verification. This misconception occurs because the system prompts for the passwordless WebAuthn PIN but fails to verify it.
**Recommendations**
For Nextcloud Server version 19.0.1, ensure that the WebAuthn configuration is corrected to properly verify the PIN when prompting for it, thereby accurately implementing two-factor verification.
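One way a relying party can enforce the check the recommendation describes, as an added example that is not Nextcloud's code. It assumes the PIN prompt corresponds to WebAuthn user verification, which the authenticator reports in the UV flag of the authenticator data. The function names and sample bytes are constructed for illustration, and signature verification is left out.

```python
import hashlib
import struct
from dataclasses import dataclass

FLAG_UP = 0x01  # user present: the authenticator was touched
FLAG_UV = 0x04  # user verified: the authenticator checked a PIN or biometric


@dataclass
class AuthData:
    rp_id_hash: bytes
    flags: int
    sign_count: int

    @property
    def user_verified(self) -> bool:
        return bool(self.flags & FLAG_UV)


def parse_auth_data(raw: bytes) -> AuthData:
    """Parse the fixed 37-byte header: rpIdHash (32) | flags (1) | signCount (4)."""
    if len(raw) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", raw[:37])
    return AuthData(rp_id_hash, flags, sign_count)


def check_assertion_flags(raw: bytes, rp_id: str, require_uv: bool) -> AuthData:
    """Reject an assertion whose flags do not back the assurance level claimed.
    Verifying the signature over the assertion is a separate step, not shown."""
    data = parse_auth_data(raw)
    if data.rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash does not match this relying party")
    if not data.flags & FLAG_UP:
        raise ValueError("user presence (UP) flag not set")
    if require_uv and not data.user_verified:
        # The failure mode described above: a PIN was asked for, but nothing
        # on the server confirms the authenticator actually verified it.
        raise ValueError("user verification requested but UV flag not set")
    return data


def build_sample(rp_id: str, flags: int, sign_count: int = 7) -> bytes:
    """Constructed sample authenticator data; no real device is involved."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, sign_count)
```

A server that treats a WebAuthn login as covering the second factor would call `check_assertion_flags(..., require_uv=True)`; one that only needs possession of the key passes `require_uv=False` and should not prompt for a PIN.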