PT-2022-23037 · Nextcloud · Nextcloud Password Policy
Lownickvergessen
·
Published
2022-09-06
·
Updated
2023-04-03
·
CVE-2022-35931
CVSS v3.1
2.7
Low
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Nextcloud Password Policy versions prior to 22.2.10
Nextcloud Password Policy versions prior to 23.0.7
Nextcloud Password Policy versions prior to 24.0.3
Description
The random password generator in Nextcloud Password Policy may, in very rare cases, generate common passwords that the validator itself would block.
Recommendations
Upgrade to version 22.2.10 to receive a patch for the issue in Password Policy.
Upgrade to version 23.0.7 to receive a patch for the issue in Password Policy.
Upgrade to version 24.0.3 to receive a patch for the issue in Password Policy.
Exploit
Fix
Inadequate Encryption Strength
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Nextcloud Password Policy