[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ownCloud Unencrypted Private Key Exposure

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ownCloud Unencrypted Private Key Exposure
From: Senderek Web Security <support@xxxxxxxxxxx>
Date: Mon, 4 Aug 2014 08:38:04 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Senderek Web Security - Security Advisory

ownCloud Unencrypted Private Key Exposure
=========================================

https://senderek.ie/archive/2014/owncloud_unencrypted_private_key_exposure.php

Revision:         1.00
Last Updated:     3 Aug 2014


Summary:

        In consequence of an insufficient threat model, ownCloud is storing all 
user's
        private RSA keys in clear text in PHP session files.
        These unencrypted private keys can be accessed by every web application 
that
        has the privilege of the web server user. The affected files exposing 
cryptographic
        keys will be stored in the PHP session directory for a number of hours 
until they
        are removed.

        This issue was reported to ownCloud via encrypted email on Tue, 11 Mar 
2014.
        I received a reply to this report from the vendor on Wed, 12 Mar 2014.

        On Tue, 22 July 2014 the vendor confirmed, that they will not address 
this problem,
        because the protection of user encrypted files from remote attackers 
that have
        read access to the file system with web server privilege is not - and 
will not be -
        part of their threat model. Consequently, the vendor does not consider 
this to be
        a vulnerability or security issue.

Severity: High


Affected Software Versions:

        All versions of ownCloud since the introduction of the encryption 
module in
        version 5.0.7 including version 7.0.0.


Impact:

        An attacker, who is able to read the PHP session files by exploiting 
another web
        application that is running on the ownCloud server, will be able to 
gather the
        unencrypted private key of every ownCloud user.
        All encrypted files that are stored in a user's home directory can be 
decrypted
        with this RSA private key, stored in the PHP session files in plain 
text.
        If the user's encrypted files are synced to other devices or shared with
        other servers - for hosting or backup - an attacker will be able to 
decrypt all
        user data that is being intercepted, even if the attacker has no longer 
access to
        the server's file system.


Fixes:

        In addition to the ownCloud encryption module users are advised to 
encrypt their
        sensitive files separately with a standard server-side encryption 
mechanism like
        GnuPG using a passphrase, that is not stored on the server except while 
being used
        in memory.

        One software solution that extends ownCloud with GnuPG-based 
server-side encryption
        can be downloaded here:

                https://senderek.ie/downloads/release/cloud/wee-owncloud.tar

        A detailed installation tutorial is available at:

                https://senderek.ie/wee/cloud/wee-owncloud.php

        This general web application extension addresses a more comprehensive 
threat model,
        that includes the possibility of read-access to web server accessible 
files on the
        server. However, it does not protect against malicious actions of 
server admins,
        as this cannot be prevented by web applications.


Security Advice Policy:

        Complete information about reporting security vulnerabilities can be 
found here:

                https://senderek.ie/responsible.disclosure.policy.php

        All information in this security advisory is copyrighted because of the 
time and
        effort in analysing and documenting the vulnerability described here.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJT3lsOAAoJECyxzx4lRhdKI30QAKrVrr9nFO3+qdX6a0V6sJoy
sJUaqTbW9i1EI8IId2Vd1oh5GHJVq6BI9mnO+dTX+Y32B/cct1vfe+7Xfzhl9sGM
g0Z3vMsnm2MbEW2AjJTC3CCCHsLt3oSwpsevQaQ2BRZbUgSS1VIYCA6zACLJgzHr
oX/ExHXqdZ8Slol4N+3h9q5+DT2VjVgoBdNXWIeq0nd6iYbAlFS9YLECDAnFPtAl
OW05Z9m1wkMSxW1NiJPrQRmHn7YY41/SH7lgyIX0+lpi0h2D/LzAvpoVDRQL1j9A
aTP3B3xjCW8sQShKd4y8xLKQq2023L8ucy+h6anWbJCliIbK5cnXsjBgIJaGwpQw
9j5a1huKDsaXXEw5bmGpyiKMEhQ48YPBX0eMnGxOmShnRyvmhWiGPNMey9CgwEdR
hFZPN+sPC88EjSO+VMheWv4Ts3gDw9g2VmDy30B2Xd3X4yRBSjCLrD0OZbbytNQx
HIU7CJWnFKNUFZnQY4sZdxjlQf9wrLjGK7dxSTAY+n5qWH56RJVSO/Bj79i+Y+km
JVF3OO4IIO3BXcWwUfiPAmLvAOwedKNmbm23MdqquYsUnpWQYNiumETz/hpD1z/P
RCJS1Uc4sjg1mtBxxZqXLjpXm/WjgfOA8uulLdtmcmkqxaGfRdxQkJOsqZPdsje0
fJ2oNHU/Zu5KkROksoN9
=Pg9f
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: ownCloud Unencrypted Private Key Exposure
  - From: Frank Stanek

Prev by Date: [SECURITY] [DSA 2996-1] icedove security update
Next by Date: Video WiFi Transfer 1.01 - Directory Traversal Vulnerability
Previous by thread: [SECURITY] [DSA 2996-1] icedove security update
Next by thread: Re: ownCloud Unencrypted Private Key Exposure
Index(es):
- Date
- Thread