List: full-disclosure
Subject: [FD] MitM Attack against KeePass 2's Update Check
From: Bogner Florian <Florian.Bogner () kapsch ! net>
Date: 2016-05-30 18:00:38
Message-ID: A22134A7-8051-4E61-8BB6-50838B01EE7A () kapsch ! net
MitM Attack against KeePass 2's Update Check
Metadata
===================================================
Release Date: 02-03-2016
Author: Florian Bogner @ Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected versions: all tested versions up to the current 2.33
Tested on: Windows 7
CVE : CVE-2016-5119
URL: https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/
Video: https://youtu.be/gOxcQSbpA-Q
Vulnerability Status: Won't fix
Abstract
===================================================
An attacker can abuse KeePass 2's recommended automatic update check – if enabled – to "release" a new version and redirect the user to a malicious download page.
Disclosure Timeline
===================================================
8.2.2016 @ 11:30: Issue privately reported to Dominik Reichl (http://keepass.info/contact.html)
8.2.2016 @ 12:00: CVE number requested
8.2.2016 @ 15:45: Received response from Dominik Reichl: The vulnerability will not be fixed. The indirect costs of switching to HTTPS (like lost advertisement revenue) make it an inviable solution.
30.5.2016 @ 18:00: MITRE assigned CVE-2016-5119; I reconfirmed that version 2.33 is still vulnerable
Technical Details
===================================================
During a recent traffic analysis I stumbled upon an interesting request to http://keepass.info/update/version2x.txt.gz. As I had a few hours spare I took a closer look.
It turned out that KeePass 2's automatic update check uses HTTP to request the current version information. For that purpose it downloads the following text file from http://keepass.info/update/version2x.txt.gz
>
KeePass:2.31
ArcFour Cipher Plugin:2.0.9
CodeWallet3ImportPlugin:1
DataBaseBackup:2.0.8.6
DataBaseReorder:2.0.8
EnableGridLines:1.1
eWallet Liberated Data Importer:0.12
IOProtocolExt:1.11
ITanMaster:2.28.0.2
KdbxLite:1.1
KeeAutoExec:1.8
KeeOldFormatExport:1
KeeResize:1.7
KPScript - Scripting KeePass:2.31
OnScreenKeyboard2:1.2
OtpKeyProv:2.4
PwGen8U:1
PwGenBaliktad:1.2
QR Code Generator:2.0.12
QualityColumn:1.2
Sample Plugin for Developers:2.0.9
SpmImport:1.2
WinKee:2.28.0.1
>
If a new version is available, a dialog is shown to the user. An attacker can modify – through for example ARP spoofing or by providing a malicious Wifi hotspot – the server response to introduce a new version and thereby force the new-version dialog to be shown. (Already heard about the new KeePass 9 release?)
If the user now clicks within the update dialog to download the new version, the URL http://keepass.info/ is opened to manually download the new release. Guess what, we can also intercept that traffic as it again uses HTTP. Thereby an attacker can even indirectly control the downloaded "update".
Suggested Solution
===================================================
For any security-centric tool – like a password manager – it is essential not to expose its users to any additional risks.
Hence, I strongly recommend that all requests be switched to encrypted HTTPS communication – especially version checks and updates! This should be fairly easy to implement and should not introduce any compatibility issues. Furthermore, a valid certificate should be used for https://keepass.info and all unencrypted HTTP requests should be redirected to the encrypted version of the site. To provide even more security it is recommended to add the HTTP Strict Transport Security (HSTS) header. As an alternative the update check feature could be removed.
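As an added example (not code from the advisory and not KeePass's own implementation), the following Python models the version feed format quoted in the Technical Details, the client-side "new version available" decision it drives, and the hardened fetch policy from the Suggested Solution. The two abbreviated feeds, the numeric dot-separated version comparison and the function names are my assumptions.

```python
import gzip
from typing import Dict, Tuple
from urllib.parse import urlparse

Version = Tuple[int, ...]

# Constructed samples in the 'Name:Version' format of version2x.txt.gz (abbreviated).
# The tampered copy is what an on-path modification would substitute, as the advisory describes.
GENUINE_FEED_GZ = gzip.compress(b"KeePass:2.31\nKeeAutoExec:1.8\nOtpKeyProv:2.4\n")
TAMPERED_FEED_GZ = gzip.compress(b"KeePass:9.0\nKeeAutoExec:1.8\nOtpKeyProv:2.4\n")


def parse_version(text: str) -> Version:
    """'2.0.8.6' -> (2, 0, 8, 6); tuples compare component-wise (assumed client behaviour)."""
    return tuple(int(part) for part in text.strip().split("."))


def parse_version_feed(gz_bytes: bytes) -> Dict[str, Version]:
    """Decompress the feed and parse each 'Name:Version' line into {name: version}."""
    versions: Dict[str, Version] = {}
    for line in gzip.decompress(gz_bytes).decode("utf-8").splitlines():
        if ":" not in line:
            continue  # blank or malformed line
        name, _, version = line.rpartition(":")  # names may contain ' - ' but never ':'
        versions[name.strip()] = parse_version(version)
    return versions


def update_available(feed: Dict[str, Version], installed: str, name: str = "KeePass") -> bool:
    """Unauthenticated decision: the dialog fires whenever the feed announces a higher version."""
    announced = feed.get(name)
    return announced is not None and announced > parse_version(installed)


def feed_source_is_acceptable(url: str) -> bool:
    """Hardened policy from the suggested solution: only trust a feed fetched over HTTPS."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)


def check_for_update(feed_url: str, gz_bytes: bytes, installed: str = "2.31") -> str:
    """Return 'refused' (plain HTTP origin), 'up-to-date' or 'update-dialog'."""
    if not feed_source_is_acceptable(feed_url):
        return "refused"
    feed = parse_version_feed(gz_bytes)
    return "update-dialog" if update_available(feed, installed) else "up-to-date"


if __name__ == "__main__":
    http_url = "http://keepass.info/update/version2x.txt.gz"  # the URL quoted in the advisory
    print(update_available(parse_version_feed(TAMPERED_FEED_GZ), "2.31"))  # True: dialog fires
    print(check_for_update(http_url, TAMPERED_FEED_GZ))  # refused
```

The first printed line is the vulnerable path (a forged "KeePass:9.0" line is enough to trigger the dialog); the second shows that a client which insists on an HTTPS origin never reaches that decision for a plain-HTTP fetch.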
Workaround
===================================================
Until the version check has been switched to HTTPS, update notifications should be taken with a grain of salt. To be on the safe side, new releases should be downloaded only directly from KeePass's secured SourceForge page: https://sourceforge.net/projects/keepass/