OwnCloud OC-SA-2014-019
Aug 18, 2014 - 8:22 a.m.

Server: Insufficient RSA Host Key validation in files_external (SFTP driver)

2014-08-18 08:22:56
owncloud.org

EPSS: 0.003 (percentile: 66.4%)

The SFTP external storage driver was verifying the RSA Host Key after logging in. This allows for a man-in-the-middle (MITM) attack even if the host key is already known and can be validated. Basically, at the point where the host key was validated, the secret has already been given away.

Note that you are only affected by this vulnerability if you are using SFTP external storage. Furthermore, a successful attack requires an attacker to be able to impersonate the remote server, i.e. by having control over the routing.
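The ordering problem described above, modelled as an added Python example (it is not ownCloud's code or the actual SFTP driver). `ModelServer`, the function names, the SHA-256 fingerprint pinning and every key and credential are constructed for illustration.

```python
import hashlib
import hmac

class HostKeyMismatch(Exception):
    """The presented host key does not match the pinned fingerprint."""

class ModelServer:
    """Constructed stand-in for an SFTP endpoint; records what it is sent."""
    def __init__(self, host_key: bytes):
        self.host_key = host_key
        self.received_passwords = []

    def login(self, user: str, password: str) -> bool:
        self.received_passwords.append(password)  # the secret leaves the client here
        return True

def fingerprint(host_key: bytes) -> str:
    return hashlib.sha256(host_key).hexdigest()

def check_host_key(server: ModelServer, pinned_fp: str) -> None:
    # The host key is available as soon as the transport is set up,
    # so this check never needs to wait for authentication.
    if not hmac.compare_digest(fingerprint(server.host_key), pinned_fp):
        raise HostKeyMismatch("host key does not match pinned fingerprint")

def connect_verify_after_login(server, pinned_fp, user, password):
    """Order described in the advisory: authenticate first, validate second."""
    server.login(user, password)
    check_host_key(server, pinned_fp)  # still raises, but too late

def connect_verify_before_login(server, pinned_fp, user, password):
    """Corrected order: no credentials are sent to an unverified host."""
    check_host_key(server, pinned_fp)
    server.login(user, password)

def run(connect, server_key: bytes):
    """Return (rejected, passwords the server saw) for one connection attempt."""
    pinned_fp = fingerprint(b"constructed-genuine-host-key")
    server = ModelServer(server_key)
    try:
        connect(server, pinned_fp, "alice", "constructed-password")
        rejected = False
    except HostKeyMismatch:
        rejected = True
    return rejected, server.received_passwords

if __name__ == "__main__":
    for connect in (connect_verify_after_login, connect_verify_before_login):
        print(connect.__name__, run(connect, b"constructed-other-host-key"))
```

Both orderings reject the mismatched key; only the verify-after-login ordering has already handed the password to the unverified host by the time it does.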


For more information please consult the official advisory.

This advisory is licensed CC BY-SA 4.0
