CVE ID : CVE-2025-66558
Published : Dec. 5, 2025, 6:15 p.m. | 49 minutes ago
Description : Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would then be prompted to register a new device on the next login. The attacker can not authenticate as the victim. This vulnerability is fixed in 1.4.2 and 2.4.1.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…