Not_Hackeronefour

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 23.0.11 Nextcloud Server versions prior to 24.0.7 Nextcloud Server versions prior to 25.0.0 **Description** The issue affects Nextcloud Server, an open source personal cloud server, where prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. This allows an administrator to cause a limited Denial of Service (DoS) attack against their own server. **Recommendations** For versions prior to 23.0.11, update to version 23.0.11 or later to resolve the issue. For versions prior to 24.0.7, update to version 24.0.7 or later to resolve the issue. For versions prior to 25.0.0, update to version 25.0.0 or later to resolve the issue. As a temporary workaround, do not create user accounts with long passwords.