Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: TLS MITM-compromise UX-response needs URGENT fix #7166

Open
4 of 8 tasks
Tracked by #7191
cluck opened this issue Sep 19, 2024 · 1 comment
Open
4 of 8 tasks
Tracked by #7191

[Bug]: TLS MITM-compromise UX-response needs URGENT fix #7166

cluck opened this issue Sep 19, 2024 · 1 comment

Comments

@cluck
Copy link

cluck commented Sep 19, 2024

⚠️ Before submitting, please verify the following: ⚠️

Bug description

The Nextcloud desktop client keeps popping up a "Untrusted Certificate" dialog with an option to "Trust this certificate anyway" on MITM attacks on the TLS connection, usually when the user expects it the least (that is, the user is not actively configuring a connection). A fix needs to be implemented in a timely manner (which is the "new" aspect of this report).

The bugtracker keeps accumulating complaints about this situation (with good analysis, e.g. #5396). Surprisingly, these issues remain stuck in "needs triage", while none of them mention any roadblock or pending clarification.

The current UX is very detrimental to security as these popups are frequently triggered on Public WiFi and visited corporate networks where untrusted MITM-Proxies hijack all sorts of connections. People tend to click the Nextcloud warning away, just to see it re-appear shortly after (e.g. when they roamed to a different hotspot). Being annoyed by the interruption (and from not being able to "solve" the issue anyway), a preferred reaction is to tick the "trust this certificate anyway". At this point the client will happily leak the authentication credentials to whatever MITM-proxy is presenting itself; possibly revealing cleartext credentials, Kerberos tickets or client tokens.

As an Admin, I can't even contain the risk by moving the Nextcloud server into a VPN, as this would just create more popups on the client while the VPN is unavailable.

The current UX is just insecure by design. This is in stark contrast with anything mentioned at https://nextcloud.com/secure/. I can not emphasize enough how this needs urgent development.

#6896 from Jul 9, 2024 (when behind a captive portal with no internet access dozens of popups appear (untrusted certificates))
#6517 from Mar 7, 2024 (Connection error notifications keep popping up when offline)
#6388 from Jan 28, 2024 (Client repeatedly nags about unreliable certificate)
#5967 from Aug 13, 2023 (When remote certificate is invalid, client refuses to cancel attempts for connection)
#5396 from Feb 5, 2023 (Invalid SSL cert pops warning every minute, encouraging unsafe choice)
#3347 from May 21, 2021 (Many popups asking whether to trust a server certificate)
#2702 from Dec 13, 2020 (Option (in client) to automatically reject self signed certificates?)

Steps to reproduce

See linked issues.

Expected behavior

We have a necessity to gain two configuration options in nextcloud.cfg to:

  • disable the possibility to "trust this certificate anyway"
  • silence these popups completely: just have the client silently retry the connection until the certificate turns valid/trusted again

Which files are affected by this bug

src/

Operating system

any

Which version of the operating system you are running.

any

Package

Distro package manager

Nextcloud Server version

29.0.6

Nextcloud Desktop Client version

3.13.3

Is this bug present after an update or on a fresh install?

Updated from a minor version (ex. 3.4.2 to 3.4.4)

Are you using the Nextcloud Server Encryption module?

Encryption is Enabled

Are you using an external user-backend?

  • Default internal user-backend
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Nextcloud Server logs

No response

Additional info

No response

@cluck
Copy link
Author

cluck commented Nov 15, 2024

What is the progress here?

(Related #7191)

@cluck cluck mentioned this issue Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant