Password Reset Bug in Nextcloud Server 15.0.2 Allows Expired 2FA Logins to Persist

Password Reset Bug in Nextcloud Server 15.0.2 Allows Expired 2FA Logins to Persist

CVE-2019-15612 · MEDIUM Severity

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.

Learn more about our Cis Benchmark Audit For Server Software.