Potential security issues and their status/analysis. |
This page lists various potential security issues that have been reportedand their status/analysis (whether the claims are valid, whether an issue isfixed, etc.).
- Header Authentication
- MemUtil.ArraysEqualSusceptible to Timing Attack
- KeeFarce
- Automatic Update Vulnerability
- Write Access to Configuration File
- Exporting CSV Files With Application-Specific Expressions
- .NET Framework Version
- Sensitive Data in Fedora System Log (CVE-2022-0725)
Header Authentication
Problem.In their paper 'On The Security of Password Manager Database Formats',P. Gasti and K. B. Rasmussenhave presented attacks on the KDB and KDBX file formats based onunauthenticated header data.For KDB, this issue has allowed silent data removal attacks.For KDBX, the issue has allowed silent data corruption attacks.Both were minor security issues (confidentiality was not compromised).
Status.Header data authentication has been introduced for both KDB and KDBX in KeePass1.24 and2.20, in order to prevent the attacks.See also the release notes'KeePass 1.24 and 2.20 Header Authentication'.P. Gasti and K. B. Rasmussen published their paper in aresponsible disclosure process, and the defenses in KeePass have beenimplemented before the issues were presented to the public.
MemUtil.ArraysEqual
Susceptible to Timing Attack
Problem.It has been reported that the method MemUtil.ArraysEqual
is susceptible to a timing side-channel attack.
Analysis.The time required by MemUtil.ArraysEqual
indeed dependson the data, but it is irrelevant.In a timing side-channel attack, an attacker analyzes the time that acryptographic system requires to perform some operation and tries todeduce secret information from it.For KeePass, this is not applicable.KeePass is a desktop application and does not feature any server capabilities(especially, no automatic database opening can be triggered externally).If there is spyware on the PC that KeePass is running on, there arefar more easy and efficient attacks for the spyware to steal passwordsfrom KeePass than a timing side-channel attack(see also the section 'Specialized Spyware'on the security page).
KeeFarce
KeeFarce is not an attack (and the developer of the tool also nowheredeclares it as attack or threat).
KeeFarce extracts information of a running KeePass process (with an open database)using a rather complicated method (using DLL injection).There are much simpler ways to achieve that.For example, a tool could send simulated keypresses to the KeePass windowto export the data to a file (e.g. press Alt+F,E, Tab,Space, ...).Before that, a screenshot could be created and displayed above all windows inorder to hide this procedure (and a user probably would not notice a screenfreeze of one second).Alternatively, imagine a tool that captures your master password (keylogger)and your database file.
The actual problem here is running specialized spyware(as the same user and with the same rights, like KeeFarce assumes).If you are doing this, everything is over.An application cannot protect itself in such a case;all modern PC operating systems (Windows, Linux, ...) intentionallyallow applications to manipulate other applications on the same level.See also the section'Specialized Spyware'on the security page.
Protections against generic (non-specialized) spyware can sometimes beimplemented. For example, Two-ChannelAuto-Type Obfuscation (TCATO) is a way to protect auto-typeddata from keyloggers, the secure desktop protectsyour master password from some keyloggers,secure edit controls protect againstpassword control spies, and so on. These protections only work againstspecific classes of generic spyware. For example, while TCATO protects againstkeyloggers, a spyware that is both a keylogger and a clipboard spy at the sametime renders TCATO useless. Again, the actual problem is running spyware,not any insufficient protections. There is no protection against a spywaremonitoring everything and allowed to do everything, except not running thespyware in the first place.Protections like TCATO might save you in the case of running somenon-advanced spyware, but they are not a license for running any arbitrary spyware.
Neither KeePass nor any other password manager can magically runsecurely in a spyware-infected, insecure environment.Users still are responsible for the security of their PC.Do use anti-virus software, keep security-critical software up-to-date,use a proper firewall, only run software from trusted sources,do not open unknown e-mail attachments, etc.
Automatic Update Vulnerability
There have been some articles about automatic KeePass updates being vulnerable.This section clarifies the situation and its resolution.
First of all, we would like to note that KeePass cannot update itself.KeePass does support checking for updates (optional; by downloading a versioninformation file, comparing the available with the installed versionnumber, and displaying a notification if necessary).However, it neither downloads nor installs any new version automatically.Users have to do this manually.
KeePass can be downloaded from many servers (SourceForge with itsmany mirror servers, FossHub, etc.).All KeePass files containing executable code (files with the extension'exe' or 'dll') are digitally signed using Authenticode.Instructions how to verify the digital signatures can be found in the FAQ:'How to verify the digital signatures?'.
The KeePass website links to SourceForge for downloading KeePass.However, even if SourceForge (or the KeePass website)is compromised and serves a malicious download,users who check the digital signature will notice the attack andwill not run the malware.Note that HTTPS cannot prevent an attack via a compromise of thedownload server; checking the digital signature does.
The version information file is downloaded from the KeePass websiteover HTTP. Thus a man in the middle (someone who can interceptyour connection to the KeePass website) could havereturned an incorrect version information file, possibly making KeePassdisplay a notification that a new KeePass version is available.However, the next steps (downloading and installing the new version)must be carried out by the user manually, and here users who check thedigital signature will notice the attack.
Resolution.In order to prevent a man in the middle from making KeePass displayincorrect version information(even though this does not imply a successful attack, see above),the version information file is now digitally signed (using RSA-4096 and SHA-512).KeePass 2.34 and higher only accept such a digitally signed version information file.Furthermore, the version information file is now downloaded over HTTPS.
Write Access to Configuration File
An attacker who has write access to the KeePassconfiguration filecan modify it maliciously.This is not really a security vulnerability of KeePass though.
- If the user has installed KeePass using the setup program, theconfiguration file is stored in the user's application data directory(in "%APPDATA%\KeePass"), which is within the user profiledirectory ("%USERPROFILE%").In this case, having write access to the KeePass configuration file istypically equivalent to having write access to the user profile directory.Someone who has write access to the user profile directory canperform various kinds of attacks.For example, the attacker could add malware in the startup folder("%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup";the malware will run automatically after the next user logon),modify desktop shortcuts (in "%USERPROFILE%\Desktop"),manipulate the user's registry (file "%USERPROFILE%\NTUSER.DAT"),modify configuration files of other applications(for instance to make a browser open a malicious website automatically),and so on.
- If the user is using the portable version of KeePass,the configuration file is stored in the application directory(which contains the "KeePass.exe" file).In this case, having write access to the KeePass configuration file istypically equivalent to having write access to the application directory.With this capability, an attacker can for instance simply replace the"KeePass.exe" file by some malware.
In both cases, having write access to the KeePass configuration filetypically implies that an attacker can actually perform much morepowerful attacks than modifying the configuration file(and these attacks in the end can also affect KeePass, independentof a configuration file protection).
These attacks can only be prevented by keeping the environment secure(by using an anti-virus software, a firewall, not opening unknowne-mail attachments, etc.).KeePass cannot magically run securely in an insecure environment.
See also:Specialized Spyware andEnforced Configuration.
Exporting CSV Files With Application-Specific Expressions
When exporting data to a CSV file, KeePass encodes certain characters(as required by the file format), but it does not filter any expressionssupported by some other applications (not defined by the generic CSV file format).This may result in a certain behavior in such an application.
For example, when opening an exported CSV file in a spreadsheet application(e.g. Microsoft Excel or LibreOffice Calc), this applicationmay interpret/evaluate some data as formulas.
We think that this is not a problem in KeePass, but in the applicationthat interprets/evaluates the application-specific expressions(which should ask the user whether/how to interpret the CSV file).
For a detailed explanation, see'CSV formula injection'on the Google Bug Hunters website.
.NET Framework Version
For compatibility with as many systems as reasonably possible, KeePassis built in such a way that it runs with the .NET Framework 2.0 or higher.Nowadays, the .NET Framework 2.0 is outdated and not maintained anymore;it may have security vulnerabilities.However, the compatibility of KeePass with the .NET Framework 2.0 doesnot mean that KeePass inherits the security vulnerabilities ofthe .NET Framework 2.0 when running on a higher version.
KeePass is built/configured in such a way that it runs with thehighest version of the .NET Frameworks installed on the PC.For example, if you have installed the .NET Frameworks 3.5 and 4.8 (both,in parallel) and start KeePass, then it runs with the .NET Framework 4.8.
Microsoft fully supports the latest version of the .NET Frameworkand keeps it up-to-date automatically via Windows Update.
Related: 'Is there a 64-bit version?'.
Sensitive Data in Fedora System Log (CVE-2022-0725)
On Fedora systems (other Linux systems do not seem to be affected),copying data to the clipboard may have resulted in the data to appearin the system log ('systemd' journal).This issue has been reported as CVE-2022-0725.
KeePass itself does not (and never did) write any sensitive data toa system log. The issue must have been caused by an external component(tool, framework or operating system component).CVE-2022-0725 incorrectly claims that it would be caused by a flaw in KeePass.
In order to avoid the issue, KeePass ≥ 2.54 uses a different methodfor copying data to the clipboard.