
someone can read the passwords using export trigger

Chris
2022-12-08
2023-04-29
1 2 3 .. 12 > >> (Page 1 of 12)
  • Chris

    Chris - 2022-12-08

    If an attacker modifies the xml config file (adding an export trigger on 'Opened database file') he will be able to export all the passwords, without us knowing it. Shouldn't the user be asked to confirm before exporting ?

     
  • Paul

    Paul - 2022-12-08

    In a word, yes.
    You can turn off "Do not require entering current master key before exporting" under Tools > Options > Policy.
    However, an attacker with enough access to add a trigger and then collect the export can turn this off.

    Basically, if an attacker has full access to your machine, it's no longer your machine.
    Use full disk encryption, make sure your anti-virus is up to date and run a regular malware scan with something like MalwareBytes AM.

    cheers, Paul

     
    😕
    2
  • Chris

    Chris - 2022-12-08

    Thank you Dominik,
    But I'm not talking about a virus: a notepad is enough with access to the configuration file (for example by gaining remote access to the file).
    As a keepass user I was not fooled since silent export is a standard feature of keepass.
    If a password manager is as secure as a plain text configuration file, why should I use it instead of a spreadsheet to store my passwords on my computer?
    Forcing the use of 'require entering current master key before exporting' could be great.
    Best regards

     
    👎
    1
    👍
    4
  • Rick Z

    Rick Z - 2022-12-08

    If your computer is available to others you do not trust, perhaps using the portable version on a memory stick that is kept in your pocket is a better choice than installing the app on that computer?

     
  • Zarodoz

    Zarodoz - 2022-12-08

    This is a timebomb. There are times on most computers when someone else has access. Perhaps a version of Keepass without this feature at all!

     
    👍
    4
  • Phil G

    Phil G - 2022-12-08

    +1 for password confirming this activity. I've always used a portable version in a [veracrypt] encrypted file mounted only when I'm logged in, to protect against the possibility of the main executable being tampered with when others are using the PC.

    But for other people I've simply recommended KeePass to, I hadn't appreciated this relatively trivial way to exfiltrate information.

     
    👍
    2
  • wellread1

    wellread1 - 2022-12-08

    Forcing the use of 'require entering current master key before exporting' could be great

    It seems you missed Paul's post above. "You can turn off "Do not require entering current master key before exporting" under Tools > Options > Policy."

    There is also a policy to disable export entirely.

     
  • Chris

    Chris - 2022-12-08

    Hello wellread1,
    When I said 'force' I meant 'not be able to disable'.
    As Paul also said: 'However, an attacker with enough access to add a trigger and then collect the export can turn this off.'
    And the policy to disable export also seems to be stored in the configuration file.

    With the Windows program, the encrypted database is by default as secure as a plain text file (i.e. the keepass configuration file).

     
    👍
    2
  • wellread1

    wellread1 - 2022-12-08

    To enforce policies and other settings, use an enforced configuration file (KeePass.config.enforced.xml file) and write protect the KeePass application directory (typical for a version of KeePass installed in a Windows Program Files directory). See https://keepass.info/help/kb/config_enf.html and https://keepass.info/help/base/configuration.html.

     
  • Paul

    Paul - 2022-12-09

    the encrypted database is by default as secure as a plain text file

    The database is as secure as the physical PC. Computing security 101.

    cheers, Paul

     
    👍
    1
    • Sergiof

      Sergiof - 2023-01-31

      The database is at least as secure as the physical PC. A password manager should not rely on the user setting proper permissions for the config files, and security related settings should be as protected as the passwords themselves.

      If the executable or the libraries are modifiable there is nothing anyone can do, but besides that, the database should be more secure than the PC it's running on.

       
      👍
      3
  • Chris

    Chris - 2022-12-09

    wellread1, I have read the documentation about the enforced configuration file, but by default the configuration file is a plain text file: by default the keepass exe is insecure.
    Paul, you should say "The database is as secure as Notepad".

    Why do you use keepass?
    I chose to encrypt my passwords with keepass so that they are easier to manage, and not readable by everyone.
    I don't use it so that an attacker can easily access all my passwords, at once, using notepad.

    There is a mistake on the keepass homepage (for the Windows application) because it says: "which helps you to manage your passwords in a secure way", "Database files are encrypted using the best and most secure encryption algorithms currently known".
    This point is missing: "someone can ask to export all your passwords in clear text without you knowing it".

     
    👍
    4
  • wellread1

    wellread1 - 2022-12-09

    by default the configuration file is a plain text file: by default the keepass exe is insecure.

    The KeePass configuration file is a set of workspace settings that must be loaded at startup before any database is loaded. These settings are not secrets. While it is possible to choose inappropriate workspace settings, obfuscating or encrypting a user's poor settings choices would not make KeePass more secure.

    Though many workspace settings don't require protection, it may be appropriate to write protect others, even though they aren't secrets. The operating system provides the means to write protect workspace settings through the appropriate application of folder permissions. KeePass can make use of an enforced configuration file that is suitable in this situation.

     
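    The two checks wellread1 describes in this post and in the earlier one (an enforced configuration file present beside the executable, and an application directory the user cannot write to) can be audited from a script. The Python below is an added example written for this thread; it is not KeePass project code. The element paths it reads (`Application/TriggerSystem/Triggers/Trigger/Name`, `Security/Policy/Export`, `Security/Policy/ExportNoKey`) are taken from the KeePass 2.x XML layout as remembered and should be checked against your own KeePass.config.xml; the two sample configuration documents are constructed for the example and the trigger in them is reduced to a name only.

```python
"""Defender-side audit of KeePass 2.x configuration files.

Added example for this thread, not KeePass project code. Element paths are
an assumption based on the KeePass 2.x XML layout; verify them against your
own KeePass.config.xml before relying on the results.
"""
import os
import tempfile
import xml.etree.ElementTree as ET

ENFORCED_NAME = "KeePass.config.enforced.xml"

# Constructed sample: a user config with a trigger defined and the policy
# "export without master key" still allowed.
SAMPLE_USER_CONFIG = """<Configuration>
  <Application>
    <TriggerSystem>
      <Enabled>true</Enabled>
      <Triggers>
        <Trigger><Name>Sample trigger (constructed)</Name></Trigger>
      </Triggers>
    </TriggerSystem>
  </Application>
  <Security>
    <Policy>
      <Export>true</Export>
      <ExportNoKey>true</ExportNoKey>
    </Policy>
  </Security>
</Configuration>"""

# Constructed sample enforced config: export stays possible, but the master
# key is always required, and the user config cannot override this.
SAMPLE_ENFORCED_CONFIG = """<Configuration>
  <Security>
    <Policy>
      <ExportNoKey>false</ExportNoKey>
    </Policy>
  </Security>
</Configuration>"""


def _flag(root, path):
    """Boolean value at an element path, or None when the element is absent."""
    node = root.find(path)
    if node is None or node.text is None:
        return None
    return node.text.strip().lower() == "true"


def audit_config(xml_text):
    """Summarise the trigger and export settings of one config document."""
    root = ET.fromstring(xml_text)
    triggers = [
        (t.findtext("Name") or "<unnamed>").strip()
        for t in root.findall("./Application/TriggerSystem/Triggers/Trigger")
    ]
    return {
        "triggers_enabled": _flag(root, "./Application/TriggerSystem/Enabled"),
        "triggers": triggers,
        "export_allowed": _flag(root, "./Security/Policy/Export"),
        "export_without_key": _flag(root, "./Security/Policy/ExportNoKey"),
    }


def audit_app_dir(app_dir):
    """Is an enforced config present, and can this user write to the directory?"""
    enforced_path = os.path.join(app_dir, ENFORCED_NAME)
    report = {
        "enforced_present": os.path.isfile(enforced_path),
        "dir_writable": os.access(app_dir, os.W_OK),
        "enforced": None,
    }
    if report["enforced_present"]:
        with open(enforced_path, encoding="utf-8") as fh:
            report["enforced"] = audit_config(fh.read())
    return report


def findings(user_cfg, dir_report):
    """List the conditions worth acting on, in the order they were found."""
    out = []
    if user_cfg["triggers"]:
        out.append("triggers defined: " + ", ".join(user_cfg["triggers"]))
    enforced = dir_report["enforced"] or {}
    if user_cfg["export_without_key"] and enforced.get("export_without_key") is not False:
        out.append("export without master key allowed and not pinned by an enforced config")
    if dir_report["dir_writable"]:
        out.append("application directory is writable by this user, so the enforced config can be altered")
    return out


def demo():
    """Run the audit on the constructed samples inside a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, ENFORCED_NAME), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_ENFORCED_CONFIG)
        return findings(audit_config(SAMPLE_USER_CONFIG), audit_app_dir(d))


if __name__ == "__main__":
    for line in demo():
        print("-", line)
```

    In the demo the temporary directory is writable, so the last finding always fires; pointed at a real installation directory under Program Files it reports whether the enforced file is actually protected from the account running KeePass, which is the condition the documentation linked above depends on.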
  • Chris

    Chris - 2022-12-09

    You propose a workaround.
    Why do people trust keepass and use it instead of a spreadsheet? Perhaps because it is supposed to provide additional security, simply by clicking on the 'install' button.
    And how many know that by default a simple text editor will configure keepass to export, the next time they open it, all passwords in clear text without notification or confirmation?

     
    👍
    2
  • wellread1

    wellread1 - 2022-12-09

    I propose a supported configuration.

    Not all configurations are desired, feasible or appropriate in all circumstances for every user. KeePass ships with its I/O features enabled. It is intended for a user that wants flexibility and is willing to configure KeePass features appropriate to the working environment. It certainly makes sense to disable I/O features that you don't use. If you are concerned that your working environment is vulnerable, you can also sacrifice some convenience and disable additional I/O features, or increase the security of your working environment.

    For most users a default installation of KeePass is safe when running on a timely patched, properly managed, and responsibly used Windows environment. No password manager is safe to use when the operating environment is compromised by a malicious actor.

     
  • Chris

    Chris - 2022-12-09

    So why do most users need to use a tool like keepass (encrypted password database) if using a timely patched, properly managed, and responsibly used Windows environment is enough?

    Having multiple layers of security is better.

    The keepass application security layer seems too light and the risk is very significant: keepass allows ALL the user's passwords to be discovered silently.
    To bypass the keepass security layer: no need for a virus or any special skills; the Windows Notepad application and the keepass documentation are enough.

     
    👍
    4
  • wellread1

    wellread1 - 2022-12-09

    Using a password manager is one layer in an inter-dependent multi-layer security scheme. A password manager provides the following:

    • Provided that the database master key remains secret, account credentials are completely safe when the database is closed.
    • Account credentials can be conveniently stored, managed and used with features designed for the task.
    • Open databases get some protection against generic attacks.
    • The amount of protection can be customized through proper configuration, and by correctly using OS provided security features such as administrator & standard user accounts, and folder permissions.
     

    Last edit: wellread1 2022-12-10
  • Chris

    Chris - 2022-12-10

    In a sensitive application, the password is requested before an impacting modification action.
    For example in Windows: when changing the password, or when entering the admin account before a system modification.
    "Open databases get some protection against generic attacks." I gave a counter-example for keepass: open it and perhaps someone has exported its content.
    A chain is as strong as its weakest link.
    Why do you ignore my request to add a confirmation before exporting all passwords in clear text as done with the export trigger? (Saying there is an optional disable option is not very secure.)

     
    👍
    2
  • Chris

    Chris - 2022-12-10

    Addendum:
    in your post: https://sourceforge.net/p/keepass/discussion/329220/thread/ba82af7955/#628f
    you forget to mention that a hacked configuration file can reveal all the content of the password database without the user knowing it.

     
  • wellread1

    wellread1 - 2022-12-10

    Right, it is time for you to find another password manager or use notepad.

     
    👎
    3
    • Horst

      Horst - 2022-12-10

      Unfortunately that will not help him
      if he lets others execute arbitrary tools on his PC.

       
      👎
      1

      Last edit: Horst 2022-12-10
    • Serrano

      Serrano - 2023-01-27

      https://keepassxc.org/

      As far as I can tell, KeePassXC doesn't have this vulnerability.

       
      👍
      3