Vulnerability DatabaseCVE-2021-32800

CVE-2021-32800:
Linux openSUSE vulnerability analysis and mitigation

Overview

A Two Factor Authentication (2FA) bypass vulnerability was discovered in Nextcloud Server, tracked as CVE-2021-32800. The vulnerability affected versions prior to 20.0.12, 21.0.4, and 22.1.0, where an attacker could bypass the Two Factor Authentication mechanism. The issue was disclosed and patched in September 2021 (Nextcloud Advisory).

Technical details

The vulnerability was classified as CWE-304 (Missing Critical Step in Authentication) and received a High severity rating. The issue stemmed from an improper provider check in the authentication mechanism, which allowed attackers to circumvent the 2FA protection (NVD Report).

Impact

The vulnerability allowed attackers to bypass Two Factor Authentication in Nextcloud by only requiring knowledge of a password or access to a WebAuthN trusted device of a user to gain unauthorized access to an account (Nextcloud Advisory).

Mitigation and workarounds

The vulnerability was addressed in Nextcloud Server versions 20.0.12, 21.0.4, and 22.1.0. No workarounds were available for this vulnerability, making it critical for affected users to upgrade to the patched versions (Nextcloud Advisory).

Additional resources

Source: This report was generated using AI

Related Linux openSUSE vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-13470	HIGH	7.7	Linux Debian	rnp-debuginfo	No	Yes	Nov 21, 2025
CVE-2025-61915	MEDIUM	6.7	OpenPrinting CUPS	cups-devel	No	Yes	Nov 29, 2025
CVE-2025-58436	MEDIUM	5.5	OpenPrinting CUPS	cups-ipptool	No	Yes	Nov 29, 2025
CVE-2025-9820	N/A	N/A	GnuTLS	gnutls-c++	No	Yes	Nov 21, 2025
CVE-2025-13402	N/A	N/A	Linux Fedora	rnp	No	Yes	Nov 21, 2025