Nearly a year ago I wrote that I had an extensive look into the server side encryption that is provided by the Default Encryption Module of Nextcloud. I also mentioned that I have written some helpful tools and an elaborate description for people that have to work with its encryption.
What I did not write about at that time was that I had also discovered several cryptographic vulnerabilities. After a full year, these have now finally been fixed, the corresponding HackerOne reports have been disclosed and so I think it is about time to also publish the whitepaper that I have written about these vulnerabilities.
The paper is called "Cryptographic Vulnerabilities and Other Shortcomings of the Nextcloud Server Side Encryption as implemented by the Default Encryption Module" and is available through the Cryptology ePrint Archive as report 2020/1439. The vulnerabilities presented in this paper have received their own CVEs, namely:
Having such an in-depth look into the implementation of a real-world application has been a lot of fun. However, I am also relieved that this project now finally comes to an end. I am eager to start with something new. 😃
The ETH Zürich published a paper called "Share with Care: Breaking E2EE in Nextcloud". The authors were kind enough to cite my own paper at the beginning of the related-works section:
"The only previous published work on cryptography in Nextcloud that we are aware of is that of Niehage , who analyzed server-side encryption in Nextcloud and discovered four vulnerabilities. The first exploits the lack of authenticity of public keys to break confidentiality, essentially by performing a key substitution attack. The others break file integrity. The vulnerabilities were patched by Nextcloud in version 20 of their server."