ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation | Ars Technica
“The vulnerability, which carries the maximum severity rating of 10, makes it possible to obtain passwords and cryptographic keys allowing administrative control of a vulnerable server by sending a simple Web request to a static URL”
That’s why I keep Nextcloud behind HTTP basic auth. Don’t trust that software enough to expose it directly to the Internet.
Basic auth is better than no auth, but it is absolutely not a recommended auth method these days.
I use it on top of Nextcloud auth.
Basic auth is a base64 of your login credentials; it might as well be plain text. You should absolutely not be using basic auth if you have other options.
Like Authelia?
This would prevent Nextcloud sync and phone apps from proper access, wouldn’t it?