Learn about Centmin Mod LEMP Stack today
Become a Member

Security KeePass Won't Fix a Security Flaw Because It Will Lose Advertising Revenue

Discussion in 'All Internet & Web Performance News' started by eva2000, Jun 7, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    29,001
    6,580
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,770
    Local Time:
    9:45 PM
    Nginx 1.13.x
    MariaDB 5.5
    Wow KeePass users beware KeePass Won't Fix a Security Flaw Because It Will Lose Advertising Revenue !

     
    • Informative Informative x 3
    • Like Like x 1
  2. Xon

    Xon Active Member

    123
    55
    28
    Nov 16, 2015
    Ratings:
    +159
    Local Time:
    7:45 PM
    1.11.x
    MariaDB 10.1.x
    Saw this on Hacker News fairly damn disappointing.
     
    • Like Like x 1
  3. eva2000

    eva2000 Administrator Staff Member

    29,001
    6,580
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,770
    Local Time:
    9:45 PM
    Nginx 1.13.x
    MariaDB 5.5
    Indeed.. you use KeePass ? I am using LastPass myself
     
  4. Xon

    Xon Active Member

    123
    55
    28
    Nov 16, 2015
    Ratings:
    +159
    Local Time:
    7:45 PM
    1.11.x
    MariaDB 10.1.x
    Yeah, I turned off the auto-update ages ago because it was annoying. But glad I did since it was checking over HTTP!
     
    • Like Like x 1
  5. eva2000

    eva2000 Administrator Staff Member

    29,001
    6,580
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,770
    Local Time:
    9:45 PM
    Nginx 1.13.x
    MariaDB 5.5
    indeed reading Full Disclosure: MitM Attack against KeePass 2's Update Check they also use an invalid cert for their https version of their site too!
     
    • Like Like x 1
  6. eva2000

    eva2000 Administrator Staff Member

    29,001
    6,580
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,770
    Local Time:
    9:45 PM
    Nginx 1.13.x
    MariaDB 5.5
    Update at KeePass2 v 2.34 to fix update security problem | Hacker News

    original Security Issues - KeePass so version file is downloaded over HTTPS apparently
    but the HTTPS is over an insecure ssl certificate
    Code (Text):
    curl -I https://keepass.info/update/version2x.txt.gz
    curl: (60) SSL certificate problem: self signed certificate
    More details here: https://curl.haxx.se/docs/sslcerts.html
    
    curl performs SSL certificate verification by default, using a "bundle"
     of Certificate Authority (CA) public keys (CA certs). If the default
     bundle file isn't adequate, you can specify an alternate file
     using the --cacert option.
    If this HTTPS server uses a certificate signed by a CA represented in
     the bundle, the certificate verification probably failed due to a
     problem with the certificate (it might be expired, or the name might
     not match the domain name in the URL).
    If you'd like to turn off curl's verification of the certificate, use
     the -k (or --insecure) option.
    

    testssl run against the update file over their HTTPS connection reveals it's over a insecure SHA1 based ssl certificate too served via Apache 2.4.10 ! Which ain't good as Chrome EOL'd SHA1 support starting with Chrome 39-41
    Code (Text):
    testssl https://keepass.info/update/version2x.txt.gz          
    
    ###########################################################
        testssl       2.7dev from https://testssl.sh/dev/
        (1.493 2016/06/06 11:42:15)
    
          This program is free software. Distribution and
                 modification under GPLv2 permitted.
          USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
    
           Please file bugs @ https://testssl.sh/bugs/
    
    ###########################################################
    
     Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
     on b2a5ba280992:/usr/local/http2-15/bin/openssl
     (built: "reproducible build, date unspecified", platform: "linux-x86_64")
    
    
     Start 2016-06-08 19:28:54    -->> 46.252.18.237:443 (keepass.info) <<--
    
     further IP addresses:   2a00:1158:1000:300::1ed
     rDNS (46.252.18.237):   salina.ispgateway.de.
     Service detected:       HTTP
    
    
     Testing protocols (via sockets except TLS 1.2, SPDY+HTTP2) 
    
     SSLv2      not offered (OK)
     SSLv3      not offered (OK)
     TLS 1      offered
     TLS 1.1    offered
     TLS 1.2    offered (OK)
     SPDY/NPN   not offered
     HTTP2/ALPN not offered
    
     Testing ~standard cipher lists 
    
     Null Ciphers                 not offered (OK)
     Anonymous NULL Ciphers       not offered (OK)
     Anonymous DH Ciphers         not offered (OK)
     40 Bit encryption            not offered (OK)
     56 Bit encryption            not offered (OK)
     Export Ciphers (general)     not offered (OK)
     Low (<=64 Bit)               not offered (OK)
     DES Ciphers                  not offered (OK)
     Medium grade encryption      not offered (OK)
     Triple DES Ciphers           offered
     High grade encryption        offered (OK)
    
    
     Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption as well as 3DES and RC4 here 
    
     PFS is offered (OK)  ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA ECDHE-RSA-AES128-SHA 
    
    
     Testing server preferences 
    
     Has server cipher order?     yes (OK)
     Negotiated protocol          TLSv1.2
     Negotiated cipher            ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH
     Cipher order
         TLSv1:     ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA AES128-SHA AES256-SHA DES-CBC3-SHA DHE-RSA-CAMELLIA256-SHA CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA CAMELLIA128-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA 
         TLSv1.1:   ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA AES128-SHA AES256-SHA DES-CBC3-SHA DHE-RSA-CAMELLIA256-SHA CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA CAMELLIA128-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA 
         TLSv1.2:   ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES128-SHA AES256-SHA256 AES256-SHA DES-CBC3-SHA DHE-RSA-CAMELLIA256-SHA CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA CAMELLIA128-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA 
    
    
     Testing server defaults (Server Hello) 
    
     TLS extensions (standard)    "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "heartbeat/#15"
     Session Tickets RFC 5077     300 seconds (PFS requires session ticket keys to be rotated <= daily)
     SSL Session ID support       yes
     TLS clock skew               random values, no fingerprinting possible 
     Signature Algorithm          SHA1 with RSA
     Server key size              RSA 2048 bits
     Fingerprint / Serial         SHA1 D6DB83318B39A30BFCD1FF73DDABE98F90F0A7C8 / D7F0719CED679974
                                  SHA256 F0204D222C23A38BF69338634D3AA80C1ED7F6365374BCB5067148CC9433C327
     Common Name (CN)             "webserver.ispgateway.de" (works w/o SNI)
     subjectAltName (SAN)         -- 
     Issuer                       "webserver.ispgateway.de" ("ispgateway" from "DE")
     EV cert (experimental)       no 
     Certificate Expiration       1582 >= 60 days (2010-10-11 14:28 --> 2020-10-08 14:28 +0000)
     # of certificates provided   1
     Chain of trust (experim.)    "/usr/bin/etc/*.pem" cannot be found / not readable
     Certificate Revocation List  --
     OCSP URI                     --
     OCSP stapling                --
    
    
     Testing HTTP header response @ "/update/version2x.txt.gz" 
    
     HTTP Status Code             200 OK
     HTTP clock skew              0 sec from localtime
     IPv4 address in header        Strict Transport Security    --
     Public Key Pinning           --
     Server banner                Apache/2.4.10
     Application banner           --
     Cookie(s)                    (none issued at "/update/version2x.txt.gz")
     Security headers             --
     Reverse Proxy banner         --
    
    
     Testing vulnerabilities 
    
     Heartbleed (CVE-2014-0160)                not vulnerable (OK) (timed out)
     CCS (CVE-2014-0224)                       not vulnerable (OK)
     Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
     Secure Client-Initiated Renegotiation     not vulnerable (OK)
     CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
     BREACH (CVE-2013-3587)                    potentially NOT ok, uses gzip HTTP compression. - only supplied "/update/version2x.txt.gz" tested
                                               Can be ignored for static pages or if no secrets in the page
     POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
     TLS_FALLBACK_SCSV (RFC 7507), experim.    Downgrade attack prevention supported (OK)
     FREAK (CVE-2015-0204)                     not vulnerable (OK)
     DROWN (2016-0800, CVE-2016-0703), exper.  not vulnerable on this port (OK)
                                               make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                               https://censys.io/ipv4?q=F0204D222C23A38BF69338634D3AA80C1ED7F6365374BCB5067148CC9433C327 could help you to find out
     LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK), common primes not checked. See below for any DH ciphers + bit size
     BEAST (CVE-2011-3389)                     TLS1: DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA
                                                     AES128-SHA DHE-RSA-AES128-SHA AES256-SHA
                                                     DHE-RSA-AES256-SHA CAMELLIA128-SHA DHE-RSA-CAMELLIA128-SHA
                                                     CAMELLIA256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-DES-CBC3-SHA
                                                     ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA
                                               VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
     RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
    
    
     Testing all 183 locally available ciphers against the server, ordered by encryption strength 
    
    Hexcode  Cipher Suite Name (OpenSSL)    KeyExch.   Encryption Bits
    -------------------------------------------------------------------------
     xc030   ECDHE-RSA-AES256-GCM-SHA384    ECDH 256   AESGCM     256          
     xc028   ECDHE-RSA-AES256-SHA384        ECDH 256   AES        256          
     xc014   ECDHE-RSA-AES256-SHA           ECDH 256   AES        256          
     x9f     DHE-RSA-AES256-GCM-SHA384      DH 2048    AESGCM     256          
     x6b     DHE-RSA-AES256-SHA256          DH 2048    AES        256          
     x39     DHE-RSA-AES256-SHA             DH 2048    AES        256          
     x88     DHE-RSA-CAMELLIA256-SHA        DH 2048    Camellia   256          
     x9d     AES256-GCM-SHA384              RSA        AESGCM     256          
     x3d     AES256-SHA256                  RSA        AES        256          
     x35     AES256-SHA                     RSA        AES        256          
     x84     CAMELLIA256-SHA                RSA        Camellia   256          
     xc02f   ECDHE-RSA-AES128-GCM-SHA256    ECDH 256   AESGCM     128          
     xc027   ECDHE-RSA-AES128-SHA256        ECDH 256   AES        128          
     xc013   ECDHE-RSA-AES128-SHA           ECDH 256   AES        128          
     x9e     DHE-RSA-AES128-GCM-SHA256      DH 2048    AESGCM     128          
     x67     DHE-RSA-AES128-SHA256          DH 2048    AES        128          
     x33     DHE-RSA-AES128-SHA             DH 2048    AES        128          
     x45     DHE-RSA-CAMELLIA128-SHA        DH 2048    Camellia   128          
     x9c     AES128-GCM-SHA256              RSA        AESGCM     128          
     x3c     AES128-SHA256                  RSA        AES        128          
     x2f     AES128-SHA                     RSA        AES        128          
     x41     CAMELLIA128-SHA                RSA        Camellia   128          
     xc012   ECDHE-RSA-DES-CBC3-SHA         ECDH 256   3DES       168          
     x16     EDH-RSA-DES-CBC3-SHA           DH 2048    3DES       168          
     x0a     DES-CBC3-SHA                   RSA        3DES       168          
    
    
     Running browser simulations (experimental) 
    
     Android 2.3.7                 TLSv1 DHE-RSA-AES128-SHA
     Android 4.0.4                 TLSv1 ECDHE-RSA-AES128-SHA
     Android 4.1.1                 TLSv1 ECDHE-RSA-AES128-SHA
     Android 4.2.2                 TLSv1 ECDHE-RSA-AES128-SHA
     Android 4.3                   TLSv1.0 ECDHE-RSA-AES128-SHA
     Android 4.4.2                 TLSv1.1 ECDHE-RSA-AES128-SHA
     Android 5.0.0                 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
     Baidu Jan 2015                TLSv1 ECDHE-RSA-AES128-SHA
     BingPreview Jan 2015          TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
     Chrome 47 / OSX               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
     Firefox 31.3.0ESR / Win7      TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
     Firefox 42 / OSX              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
     GoogleBot Feb 2015            TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
     IE6 / XP                      No connection
     IE7 / Vista                   TLSv1.0 ECDHE-RSA-AES128-SHA
     IE8 / XP                      TLSv1.0 DES-CBC3-SHA
     IE8-10 / Win7                 TLSv1.0 ECDHE-RSA-AES128-SHA
     IE11 / Win7                   TLSv1.2 DHE-RSA-AES128-GCM-SHA256
     IE11 / Win8.1                 TLSv1.2 DHE-RSA-AES128-GCM-SHA256
     IE10 / Win Phone 8.0          TLSv1.0 ECDHE-RSA-AES128-SHA
     IE11 / Win Phone 8.1          TLSv1.2 ECDHE-RSA-AES128-SHA256
     IE11 / Win Phone 8.1 Update   TLSv1.2 DHE-RSA-AES128-GCM-SHA256
     IE11 / Win10                  TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
     Edge 13 / Win10               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
     Edge 12 / Win Phone 10        TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
     Java 6u45                     TLSv1 DHE-RSA-AES128-SHA
     Java 7u25                     TLSv1 ECDHE-RSA-AES128-SHA
     Java 8u31                     TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
     OpenSSL 0.9.8y                TLSv1 DHE-RSA-AES128-SHA
     OpenSSL 1.0.1l                TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
     OpenSSL 1.0.2e                TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
     Safari 5.1.9/ OSX 10.6.8      TLSv1 ECDHE-RSA-AES128-SHA
     Safari 6 / iOS 6.0.1          TLSv1.2 ECDHE-RSA-AES128-SHA256
     Safari 6.0.4/ OS X 10.8.4     TLSv1 ECDHE-RSA-AES128-SHA
     Safari 7 / iOS 7.1            TLSv1.2 ECDHE-RSA-AES128-SHA256
     Safari 7 / OS X 10.9          TLSv1.2 ECDHE-RSA-AES128-SHA256
     Safari 8 / iOS 8.4            TLSv1.2 ECDHE-RSA-AES128-SHA256
     Safari 8 / OS X 10.10         TLSv1.2 ECDHE-RSA-AES128-SHA256
     Safari 9 / iOS 9              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
     Safari 9 / OS X 10.11         TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
    
     Done 2016-06-08 19:31:24    -->> 46.252.18.237:443 (keepass.info) <<--
    
    
     
    • Informative Informative x 2
  7. Xon

    Xon Active Member

    123
    55
    28
    Nov 16, 2015
    Ratings:
    +159
    Local Time:
    7:45 PM
    1.11.x
    MariaDB 10.1.x
    Honestly, as long as the SSL cert is pinned by the application and the application verifies the download hash it isn't too bad. But still not good.

    But at least fixing the server end is something which can be done without replacing all the clients.
     
    • Agree Agree x 1
  8. eva2000

    eva2000 Administrator Staff Member

    29,001
    6,580
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,770
    Local Time:
    9:45 PM
    Nginx 1.13.x
    MariaDB 5.5
    indeed.. this has me thinking about centmin mod too.. switched all my download links within script to HTTPS version of centminmod.com site at least
     
    • Like Like x 2