-----BEGIN PGP SIGNED MESSAGE-----
A valid concern.
HTTPS should be used to secure traffic from a client to the server,
solving any problems related to eavesdropping.
Encrypting the content of the account data should solve two problems.
1. Secure data from curious system administrators.
2. Secure data in case of an account breach, Lost password or
3. Secure data that is copied off the server and taken offsite.
The current solution doesn't solve any of those problems. Firstly the
users password is the encryption key. Secondly, in the case of number
3, an attacker that can get your raw data will either have your
account password or server side access.
- From the OwnCloud Manual:
"Server-Side encryption is especially useful if you use external
storages. This way you can make sure that the storage provider is not
able to read your data."
I'm not quite sure what they are suggesting, because if we read a
"Encryption and decryption always happens server-side. This enables
the user to continue to use all the other apps to view and edit their
data. But this also means that the server administrator could
intercept your data."
With that in mind it would be nice to get some clarification as to
what threat the encryption solution is designed to mitigate.
Den 04.08.2014 16:00, skrev Frank Stanek:
thank you for this announcement. I have a (very naive) question
about this. As a consequence of this vulnerability an attacker with
access to the ownCloud server's file system can compromise the
encrypted data stored on the server. There does not seem to be a
workaround for that and there will be no fix. Thus, data on an
ownCloud server is always accessible to an attacker with access to
the file system, regardless of whether ownCloud's encryption
feature is enabled or not. Is that correct so far?
It seems to me that one of the encryption feature's main purposes
is to prevent an attacker with access to the server's file system
from immediate access to the user data. If my understanding above
is true, then this purpose is void since the encryption is useless
in that scenario. If this is somehow not part of the vendor's
threat model, isn't it at least an important restriction? Or did I
completely misunderstand something?
Am 04.08.2014 08:38, schrieb Senderek Web Security:
Senderek Web Security - Security Advisory
ownCloud Unencrypted Private Key Exposure
Revision: 1.00 Last Updated: 3 Aug 2014
In consequence of an insufficient threat model, ownCloud is storing
all user's private RSA keys in clear text in PHP session files.
These unencrypted private keys can be accessed by every web
application that has the privilege of the web server user. The
affected files exposing cryptographic keys will be stored in the
PHP session directory for a number of hours until they are
This issue was reported to ownCloud via encrypted email on Tue, 11
Mar 2014. I received a reply to this report from the vendor on Wed,
12 Mar 2014.
On Tue, 22 July 2014 the vendor confirmed, that they will not
address this problem, because the protection of user encrypted
files from remote attackers that have read access to the file
system with web server privilege is not - and will not be - part of
their threat model. Consequently, the vendor does not consider this
to be a vulnerability or security issue.
Affected Software Versions:
All versions of ownCloud since the introduction of the encryption
module in version 5.0.7 including version 7.0.0.
An attacker, who is able to read the PHP session files by
exploiting another web application that is running on the ownCloud
server, will be able to gather the unencrypted private key of every
ownCloud user. All encrypted files that are stored in a user's
home directory can be decrypted with this RSA private key, stored
in the PHP session files in plain text. If the user's encrypted
files are synced to other devices or shared with other servers -
for hosting or backup - an attacker will be able to decrypt all
user data that is being intercepted, even if the attacker has no
longer access to the server's file system.
In addition to the ownCloud encryption module users are advised to
encrypt their sensitive files separately with a standard
server-side encryption mechanism like GnuPG using a passphrase,
that is not stored on the server except while being used in
One software solution that extends ownCloud with GnuPG-based
server-side encryption can be downloaded here:
A detailed installation tutorial is available at:
This general web application extension addresses a more
comprehensive threat model, that includes the possibility of
read-access to web server accessible files on the server. However,
it does not protect against malicious actions of server admins, as
this cannot be prevented by web applications.
Security Advice Policy:
Complete information about reporting security vulnerabilities can
be found here:
All information in this security advisory is copyrighted because of
the time and effort in analysing and documenting the vulnerability
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
-----END PGP SIGNATURE-----