ownCloud Unencrypted Private Key Exposure Aug 04 2014 06:38AM
Senderek Web Security (support senderek ie) (1 replies)
Hash: SHA1

Senderek Web Security - Security Advisory

ownCloud Unencrypted Private Key Exposure


Revision: 1.00
Last Updated: 3 Aug 2014


In consequence of an insufficient threat model, ownCloud is storing all user's
private RSA keys in clear text in PHP session files.
These unencrypted private keys can be accessed by every web application that
has the privilege of the web server user. The affected files exposing cryptographic
keys will be stored in the PHP session directory for a number of hours until they
are removed.

This issue was reported to ownCloud via encrypted email on Tue, 11 Mar 2014.
I received a reply to this report from the vendor on Wed, 12 Mar 2014.

On Tue, 22 July 2014 the vendor confirmed, that they will not address this problem,
because the protection of user encrypted files from remote attackers that have
read access to the file system with web server privilege is not - and will not be -
part of their threat model. Consequently, the vendor does not consider this to be
a vulnerability or security issue.

Severity: High

Affected Software Versions:

All versions of ownCloud since the introduction of the encryption module in
version 5.0.7 including version 7.0.0.


An attacker, who is able to read the PHP session files by exploiting another web
application that is running on the ownCloud server, will be able to gather the
unencrypted private key of every ownCloud user.
All encrypted files that are stored in a user's home directory can be decrypted
with this RSA private key, stored in the PHP session files in plain text.
If the user's encrypted files are synced to other devices or shared with
other servers - for hosting or backup - an attacker will be able to decrypt all
user data that is being intercepted, even if the attacker has no longer access to
the server's file system.


In addition to the ownCloud encryption module users are advised to encrypt their
sensitive files separately with a standard server-side encryption mechanism like
GnuPG using a passphrase, that is not stored on the server except while being used
in memory.

One software solution that extends ownCloud with GnuPG-based server-side encryption
can be downloaded here:


A detailed installation tutorial is available at:


This general web application extension addresses a more comprehensive threat model,
that includes the possibility of read-access to web server accessible files on the
server. However, it does not protect against malicious actions of server admins,
as this cannot be prevented by web applications.

Security Advice Policy:

Complete information about reporting security vulnerabilities can be found here:


All information in this security advisory is copyrighted because of the time and
effort in analysing and documenting the vulnerability described here.

Version: GnuPG v1.4.11 (GNU/Linux)


[ reply ]
Re: ownCloud Unencrypted Private Key Exposure Aug 04 2014 02:00PM
Frank Stanek (frank frank-stanek de) (3 replies)
Re: ownCloud Unencrypted Private Key Exposure Aug 05 2014 06:09PM
Jack Brennan (mail sourcenix com) (2 replies)
RE: ownCloud Unencrypted Private Key Exposure Aug 06 2014 03:11PM
Mikhail A. Utin (mutin commonwealthcare org)
Re: ownCloud Unencrypted Private Key Exposure Aug 06 2014 01:49PM
Frank Stanek (frank frank-stanek de)
Re: ownCloud Unencrypted Private Key Exposure Aug 05 2014 01:13PM
Anthony Dubuissez (anthony dubuissez webera fr) (1 replies)
RE: ownCloud Unencrypted Private Key Exposure Aug 06 2014 03:31PM
Mikhail A. Utin (mutin commonwealthcare org)


Privacy Statement
Copyright 2010, SecurityFocus