Recycle Bin folder is public!

My Cloud OS 3 Personal & Network Attached Storage My Cloud EX2
1

Hi all,

I have a question about the recycle bin shared folder. Is this folder PUBLIC ? because if so, this is a serious security flaw. If you delete something from a restricted share and it ends up in a public share, it’s not good.

2

Maybe you should try contacting WD’s Technical Support about this. You can do so either by phone or email.

To Contact WD for Technical Support
http://support.wdc.com/contact/index.asp?lang=en

Support by Country
http://support.wdc.com/country/index.asp

3

Ill just leave this here, the rest is up to you guys to figure it out …

response from WD Support:

First and foremost, we would like to thank you for taking the time to contact us in regards to the question regarding the Recycle Bin on the My Cloud EX2.

You are correct, the Recycle Bin is public on the WD My Cloud EX2. All deleted files from the shares that have the Recycle Bin feature set to ON will end up as public in the Recycle Bin. Please note that this feature is set to OFF by default in the share settings.

For more information please refer to the user manual on pages 46 and 118. The user manual can be found on the link here: http://www.wdc.com/wdproducts/library/UM/ENG/4779-705119.pdf

my reply

Thank you for the reply. I understand that the default settings of Recycle Bin are off, but let’s not forget that most of the users do not use the default settings.
I hope that WD does not satisfy with the " this are the default settings, be happy with it " kind of policy. I also hope that security is an important subject and that WD takes this issue ( because it is a security flaw ) into consideration and will fix this at the next firmware update.
I would like to receive an answer that this has come to their attention and they will work on fixing it.

Considering that the Recycle Bin is the ONLY safety prior to a backup against accidental deletion of important files, it should also be secure as the share it was deleted from. What is the point in having a secure share if a main function of the OS has a security hole and then everyone can see what I tried to restrict from them?

second reply from WD

_Thank you for contacting Western Digital Customer Support.

I appreciate the feedback you have provided us regarding the Recycle Bin on the My Cloud EX2 and I have escalated this case to my head department for further review. Our engineers will investigate the security settings as soon as possible. Please note that this may take time and as such I would like to thank you for your patience in advance.

I will contact you as soon as I have received a response._

4

Your post sounds more like a good Feature Request; the best place for this, is in the Ideas Exchange section. This way someone from WD will be sure to see it and will allow more users to support your idea.

However, I would first search and make sure that there are no other active Feature Requests suggesting the same or similar improvements. If there is, then you could add your post and vote on it.

Network Product Ideas

5

Hi guys, i have a final answer from WD regarding this issue:

Thank you for contacting Western Digital Customer Support.

I appreciate your time for sending me the system logs and I have now also received a reply from my higher technical department. The reply I have received is as following: „The Recycle bin is not private; however, the contents are only visible to the user who deleted the file(s). So, if a user deletes a file from a private share, that file goes to the (public) recycle bin, and any other user who does not have access to the private share (that the file was deleted from), will not see that file even though they can access the recycle bin.

To summarize.

Any data deleted in the public folders, all users will see it. Data deleted from a private share, only that user will see it. This has been tested and verified.” - This is great news as this means that any private files you delete should only be seen to the user account to whom the file belonged to not anyone else.

Once again, I would like to thank you for bringing the Recycle Bin security settings into the attention of our Customer Services department and we have ensured that all of our agents are notified of this effective immediately.

I hope that this information is helpful to you, if you have any further questions, please reply as I am always happy to help.

Sincerely,

[Deleted]