Password Managers Vulnerabilities - Under Hood of Secrets Management



    Posted: 20 Feb 2019

    Abstract:

    Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose security guarantees password managers should offer and examine the underlying workings of five popular password managers targeting the Windows 10 platform: 1Password 7 [1], 1Password 4 [1], Dashlane [2], KeePass [3], and LastPass [4]. We anticipated that password managers would employ basic security best practices, such as scrubbing secrets from memory when they are not in use and sanitizing memory once a password manager was logged out and placed into a locked state. However, we found that in all password managers we examined, trivial secrets extraction was possible from a locked password manager, including the master password in some cases, exposing up to 60 million users of the password managers in this study to secrets retrieval from an assumed-secure locked state.

    Introduction:

    First and foremost, password managers are a good thing. All password managers we have examined add value to the security posture of secrets management, and as Troy Hunt, an active security researcher, once wrote, “Password managers don’t have to be perfect, they just have to be better than not having one” [5]. Aside from being an administrative tool that allows users to categorize and better manage their credentials, password managers guide users away from bad password practices such as using weak passwords, common passwords, generic passwords, and password reuse.

    The tradeoff is that users’ credentials are then centrally stored and managed, typically protected by a single master password to unlock a password manager data store. With the rising popularity of password manager use it is safe to assume that adversarial activity will target the growing user base of these password managers. Table 1, below, outlines the number of individual users and business entities for each of the password managers we examine in this paper.

    Password Manager   Users             Business Entities
    1Password          15,000,000 [6]    30,000 [6]
    Dashlane           10,000,000 [7]    10,000 [7]
    KeePass            20,000,000 [8]    Unknown
    LastPass           16,500,000 [9]    43,000 [9]

    Table 1. Number of private users and business entities of 1Password (all versions), Dashlane, KeePass and LastPass.

    Motivation:

    With the proliferation of online services, password use has gone from about 25 passwords per user in 2007 [10] to 130 in 2015 and is projected to grow to 207 in 2020 [11]. This, combined with a user base of 60 million across the password managers we examine in this paper, creates a target-rich environment in which adversaries can carefully craft methods to extract a growing and increasingly valuable trove of secrets and credentials.

    An example in which a password manager appears to have been specifically targeted is an attack that led to the loss of 2578 units of Ethereum (ETH), a cryptocurrency, valued at the time at 1.5 million USD. The attack was carried out against a cryptocurrency trading assistant platform, Taylor [12]. Taylor issued a statement indicating that a device which was using 1Password for secrets management was compromised [13]. It remains unclear whether the attacker found a security issue in 1Password itself, simply discovered the master password in some other way, or whether the compromise had nothing to do with password managers.

    Given the combination of an increasing number of credentials held in password managers, the value of those secrets, and the emerging threats specifically targeting password managers, it is important for us to examine the increased risk a user or organization faces in terms of secrets exposure when using a password manager. Our approach was to survey popular password managers to determine the common defenses they employ against secrets exfiltration. We incorporate the best security features of each into a hypothetical best-possible password manager that provides the minimum set of guarantees outlined in the next section. We then compare the password managers studied against those security guarantees.

    Password Manager Security Guarantees:

    All password managers studied work in the same basic way. Users enter or generate passwords in the software and add any pertinent metadata (e.g., answers to security questions, and the site the password goes to). This information is encrypted and then decrypted only when it is needed for display, for passing to a browser add-on that fills the password into a website, or for copying to the clipboard for use.

    Throughout this paper we will refer to password managers in three states of existence: not running, unlocked (and running), and locked (and running; this state assumes the password manager was previously unlocked). We assume that the user does not have additional layers of protection such as full disk encryption or per-process virtualization. We define the three states below:

    Not Running

    We define “not running” as a state where the password manager has previously been installed, configured, and interacted with by the user to store secrets, but has not been launched since the last reboot or has been terminated by the user since it was last used.

    In this “not running” state the password manager should guarantee:

    • There should be no data stored on disk that would offer an attacker leverage toward compromising the database stored on disk (e.g. the master password or encryption key stored in a configuration file).
    • Even if an attacker retrieves the password database from disk, it should be encrypted in such a way that an attacker cannot decrypt it without knowing the master password.
    • The encryption should be designed in such a way that, so long as the user did not use a trivial password, the attacker cannot brute force guess the master password in a reasonable amount of time using commonly available computing resources.

    Running: Unlocked State

    We define running in an “unlocked state” as cases where the password manager is running, and where the user has typed in the master password in order to decrypt and access the stored passwords inside the manager. The user may have displayed, copied to clipboard, or otherwise accessed some of the passwords in the password manager.

    In this “running, unlocked state” the password manager should guarantee:

    • It should not be possible to extract the master password from memory, either directly or in any form that allows the original master password to be recovered.
    • For those stored passwords that have not been displayed/copied/accessed by the user since the password manager was unlocked, it should not be possible to extract those unencrypted passwords from memory.

    Given the usability constraints that affect password managers, we concede that:

    • It may be possible to extract those passwords from memory that were displayed/copied/accessed in the current unlocked session.
    • It may be possible to extract cryptographic information derived from the master password sufficient to decrypt other stored passwords, but not the master password itself.

    Running: Locked State

    We define “in locked state” as cases where (1) the password manager was just launched but the user has not entered the master password yet, or (2) the user previously entered the master password and used the password manager, but subsequently clicked the ‘Lock’ or ‘Log Out’ button.

    In this “running, locked state” the password manager should guarantee:

    • All the security guarantees of a not-running password manager should apply to a password manager that is in the locked state.

    Since a locked password manager still exists as a process in virtual memory, this requires additional guarantees:

    • It should not be possible to extract the master password from memory, either directly or in any form that allows the original master password to be recovered.
    • It should not be possible to extract from memory any cryptographic information derived from the master password that might allow passwords to be decrypted without knowing the master password.
    • It should not be possible to extract any unencrypted passwords from memory that are stored in the password manager.

    In addition to these explicit security guarantees, we expect password managers to incorporate additional hardening measures where possible, and to have these hardening measures enabled by default. For example, password managers should attempt to block software keystroke loggers from accessing the master password as it is typed, attempt to limit the exposure of unencrypted passwords left on the clipboard, and take reasonable steps to detect and block modification or patching of the password manager and its supporting libraries that might expose passwords.
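    A minimal model of the unlocked and locked states and the guarantees listed above, as an added example (not code from the paper or from any of the products studied). It assumes PBKDF2-SHA256 at 100,000 iterations for key expansion and a CTR-style HMAC-SHA256 keystream for entry encryption (an assumed, unauthenticated construction chosen only to keep the example within the standard library); the names Vault, scrub, demo and the sample master password and entry are constructed for the example.

```python
"""Model of the unlocked/locked vault states. Added example, not code from the
paper or from any product; the keystream cipher is assumed and unauthenticated."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000   # assumed; equals the 1Password7/LastPass defaults in Table 2


def scrub(buf: bytearray) -> None:
    """Overwrite a buffer in place. A bytearray owns its storage, so after this a
    memory dump shows zeros where the secret was; an immutable bytes object could
    only be dropped, never cleared."""
    for i in range(len(buf)):
        buf[i] = 0


def keystream(key: bytearray, nonce: bytes, length: int) -> bytes:
    """PRF keystream, CTR style: HMAC-SHA256(key, nonce || counter), block by block."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_into(dst: bytearray, data: bytes, stream: bytes) -> None:
    """XOR data with stream, writing into a buffer we own so it can be scrubbed later."""
    for i, (a, b) in enumerate(zip(data, stream)):
        dst[i] = a ^ b


class Vault:
    def __init__(self, salt: bytes = b"") -> None:
        self._salt = salt or os.urandom(16)
        self._key = bytearray()                     # derived key; empty means locked
        self._entries: dict[str, bytes] = {}        # name -> nonce || ciphertext (always encrypted)
        self._shown: dict[str, bytearray] = {}      # plaintexts revealed in this unlocked session

    @property
    def locked(self) -> bool:
        return len(self._key) == 0

    def unlock(self, master_password: bytearray) -> None:
        """Derive the database key, then scrub the caller's master password buffer so
        the master password itself does not stay in memory (first unlocked-state guarantee)."""
        if not isinstance(master_password, bytearray):
            raise TypeError("pass the master password as a bytearray so it can be scrubbed")
        self._key[:] = hashlib.pbkdf2_hmac("sha256", master_password, self._salt, PBKDF2_ITERATIONS)
        scrub(master_password)

    def add(self, name: str, secret: bytes) -> None:
        self._require_unlocked()
        nonce = os.urandom(16)
        ct = bytearray(len(secret))
        xor_into(ct, secret, keystream(self._key, nonce, len(secret)))
        self._entries[name] = nonce + bytes(ct)

    def reveal(self, name: str) -> bytearray:
        """Decrypt one entry for display. The plaintext stays cached (the concession for
        displayed/copied entries) until lock() scrubs it."""
        self._require_unlocked()
        blob = self._entries[name]
        nonce, ct = blob[:16], blob[16:]
        pt = bytearray(len(ct))
        xor_into(pt, ct, keystream(self._key, nonce, len(ct)))
        self._shown[name] = pt
        return pt

    def lock(self) -> None:
        """Locked-state guarantees: neither the derived key nor any decrypted entry remains."""
        scrub(self._key)
        del self._key[:]
        for pt in self._shown.values():
            scrub(pt)
        self._shown.clear()

    def _require_unlocked(self) -> None:
        if self.locked:
            raise PermissionError("vault is locked")


def demo() -> dict:
    """Walk through unlock -> reveal -> lock and report what survives in the buffers we own."""
    master = bytearray(b"correct horse battery staple")   # constructed sample master password
    vault = Vault()
    vault.unlock(master)
    vault.add("bank", b"s3cr3t-bank-pw")                   # constructed sample entry
    shown = vault.reveal("bank")
    revealed = bytes(shown)                                # what the user saw on screen
    vault.lock()
    return {"revealed": revealed, "master_scrubbed": not any(master),
            "shown_scrubbed": not any(shown), "locked": vault.locked}


if __name__ == "__main__":
    print(demo())
```

    The interpreter still makes copies the model cannot reach (the XOR intermediates, the bytes passed to add()), so a Python process would not pass the paper's memory-forensics test; the point the model makes is the discipline the paper expects of native code: keep the derived key and any displayed plaintext in buffers you own, and overwrite them on lock instead of merely releasing them.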

    Scope:

    In this paper we will examine the inner workings as they relate to secrets retrieval and storage of 1Password, Dashlane, KeePass and LastPass on the Windows 10 platform (Version 1803 Build 17134.345) using an Intel i7-7700HQ processor. We examine susceptibility of a password manager to secrets exfiltration via examination of the password database on disk; memory forensics; and finally, keylogging, clipboard monitoring, and binary modification. Each password manager is examined in its default configuration after install with no advanced configuration steps performed.

    The focus of our evaluation of password managers is limited to the Windows platform. Our findings can be extrapolated to password manager implementations on other operating systems to guide research toward the areas of interest discussed in this paper.

    Target Password Managers:

    The following password managers with their corresponding versions were evaluated:

    Product                       Version
    1Password4 for Windows        4.6.2.626
    1Password7 for Windows        7.2.576
    Dashlane for Windows          6.1843.0
    KeePass Password Safe         2.40
    LastPass for Applications     4.1.59

    Security of Password Managers in the Non-Running State

    We first consider the security of password managers when they are not running. We focus on the attack vector of compromising passwords from disk. Unless password managers have severe vulnerabilities such as logging passwords to unencrypted log files or other egregious issues, the password managers’ defenses against the disk attack surface rest on the cryptography used to protect the password database. Here, we examine which algorithm each password manager uses to transform the master password into an encryption key, and whether the algorithm and number of iterations is severely lacking in its ability to resist contemporary cracking attacks.

    Table 2, below, outlines the key expansion algorithm used and the number of iterations in each password manager’s default configuration. With regard to the key expansion recommendations set by NIST [14], we found that each key expansion algorithm used in the password managers was acceptable and that the number of iterations was adequate. We concluded that the password managers were secure against compromising passwords from disk while the software is not running, and that brute forcing the encrypted password entries on disk would be computationally prohibitive, although not impossible given enough computing resources. Given this, we moved on to the attack surface of passwords stored in memory while the password managers are running.

    Password Manager   Key Expansion Algorithm   Iterations
    1Password4         PBKDF2-SHA256             40,000 [15]
    1Password7         PBKDF2-SHA256             100,000 [16]
    Dashlane           Argon2                    3 [17]
    KeePass            AES-KDF                   60,000 [18]
    LastPass           PBKDF2-SHA256             100,100 [19]

    Table 2. Each password manager's default key expansion algorithm and number of iterations.
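    A cost check for the PBKDF2-SHA256 defaults in Table 2, as an added example (not the paper's tooling). It measures what one master-password guess costs on the machine it runs on and turns that into an exhaustion time for a constructed keyspace; the attacker model (salt and encrypted database in hand, one KDF run per candidate) is the one the not-running guarantees assume. Argon2 (Dashlane) and AES-KDF (KeePass) are left out because they are not in the standard library, and the Argon2 "3" in the table is a pass count over a memory region, not an iteration count comparable to PBKDF2's. The function names and the sample passwords are constructed for the example.

```python
"""PBKDF2-SHA256 guess-cost estimate for the Table 2 defaults. Added example, not
the paper's tooling; timings are per CPU core on whatever machine runs this."""
import hashlib
import os
import time

# PBKDF2-HMAC-SHA256 rows of Table 2.
PBKDF2_DEFAULTS = {"1Password4": 40_000, "1Password7": 100_000, "LastPass": 100_100}


def derive_key(master_password: str, salt: bytes, iterations: int, length: int = 32) -> bytes:
    """Stretch a master password into a fixed-length database key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations, dklen=length)


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Best-of-n timing of one derivation: the work an attacker must redo per candidate,
    because the salt forces a fresh KDF run for every guess."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive_key("candidate", salt, iterations)   # constructed candidate password
        best = min(best, time.perf_counter() - start)
    return best


def years_to_exhaust(keyspace: float, secs_per_guess: float, lanes: int = 1) -> float:
    """Wall-clock years to try every candidate with `lanes` KDF computations in parallel."""
    return keyspace * secs_per_guess / lanes / (365 * 24 * 3600)


def cost_table(keyspace: float, lanes: int = 1) -> dict:
    """Per-product exhaustion estimate for a master password drawn from `keyspace` candidates."""
    return {name: years_to_exhaust(keyspace, seconds_per_guess(iters), lanes)
            for name, iters in PBKDF2_DEFAULTS.items()}


if __name__ == "__main__":
    # Constructed scenario: 10 random lowercase letters (26**10 candidates), one core.
    space = 26 ** 10
    for name, years in cost_table(space).items():
        print(f"{name:12s} {PBKDF2_DEFAULTS[name]:>8,} iterations  ~{years:,.0f} core-years")
    # A deliberately weak count for contrast; cost is linear in the iteration count.
    weak = years_to_exhaust(space, seconds_per_guess(1_000))
    print(f"{'weak':12s} {1_000:>8,} iterations  ~{weak:,.0f} core-years")
```

    PBKDF2 is embarrassingly parallel, so a GPU cracking rig changes only the `lanes` figure; the per-guess cost measured here is what the iteration count buys, and it scales linearly with it, which is why the table's 40,000 versus 100,000 matters.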

    Security of Password Managers in Running States

    We expected and found that all password managers reviewed sufficiently protect the master password and individual passwords while they are not running. The remaining bulk of our assessment of password managers in the running state was focused on the effectiveness of the locked state and whether the unlocked state left the minimum possible amount of sensitive information in memory. The following sections outline violations of our proposed security guarantees of password managers in a running locked and unlocked state.


    Read more: Password Managers: Under the Hood of Secrets Management - Independent Security Evaluators
    Posted By: Brink
    20 Feb 2019


  1. Posts : 7,895
    Windows 11 Pro 64 bit
       #1

    I've always been wary of password managers and I'm pleased I never used one.
    Last edited by Steve C; 21 Feb 2019 at 03:53.


  2. Posts : 42,919
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #2

    You can start with thinking they are a great advantage for non-critical sites: speed of login with 1 click (open browser, launch site and autofill), no need to remember the data.

    Moving on to financial sites, I now keep part of the data - for one field- separate from the password manager. This is easy to do when 2 stage logins are used by the site.

    UK banks have increasingly deployed a separate keypad, so to be able to log in and undertake significant transactions or changes, you must use this either as part of the login procedure, or subsequently, depending on the bank. Thus some banks operate almost on a 'view only' basis without this, others always require using it as part of the login procedure.

    A number of banks also require verification of some activities by automated phone or text.

    However, whilst banks are quite strongly protected, many other types of financial sites exist, and I've not seen one yet that has 2 factor authentication (requiring some other means of verification than id, password and perhaps some other verification question, all of which could be held in a password manager, and so make you potentially vulnerable).

    Personally I couldn't manage without one, in terms of time saving and sharing data across devices. However, entrusting everything to one system for critical sites would seem unwise.
    Last edited by dalchina; 21 Feb 2019 at 04:44.


  3. Posts : 3,105
    W10 Pro + W10 Preview
       #3

    There is already a built-in Password Manager in Windows 10.
    It's called Web Credentials.


  4. Posts : 12,801
    Windows 11 Pro
       #4

    I follow many of the procedures dalchina does. I still believe you are much better off with a password manager than without one. I also use 2FA with my password manager.

    I contend there is nothing 100% safe. When 12 year old kids are breaking into the FBI and CIA, we don't stand a chance no matter what we do. We can only make it as difficult as possible. Unfortunately, we live in that sort of world.


  5. Posts : 750
    Windows 10 Pro 64-bits
       #5

    Quote from the OP:

    It remains unclear, whether the attacker found a security issue in 1Password itself or simply discovered the master password in some other way, or whether the compromise had nothing to do with password managers.
    My guess... It had nothing to do with the password manager and more to do with the Clipboard, more specifically with Clipboard history. With a few exceptions, it's hard to remember every password that one may have. As such, copy/paste is pretty much routine for entering passwords. I am not certain whether password managers may use the same method in the background, if and when auto-fill is selected.

    Clipboard is a target for a number of malware and for this and other reasons, mine is disabled:

    [screenshot: clipboard.jpg]

    I am with essenbe... It's nearly impossible to avoid a password manager. As long as sensitive access, such as financial, government, etc., has 2FA, a password manager is OK. Mine is Password Safe, which locks the local DB on minimize and/or 10 minutes of inactivity; it also scrapes the copied password from memory after ten minutes...


  6. Posts : 1,656
    Windows 10 Pro x64
       #6

    essenbe said:
    I still believe you are much better off with a password manager than without one.
    I absolutely agree with this.

    The real issue, which I think has been missed on other discussions I've followed on this report, is not the way password managers manage the scrubbing of memory, but the fact that the system on which it is running is compromised to the point that the memory can be accessed in the first place.

    I use BitWarden, and it scrubs memory when it is locked (on a time-out) or closed (browser closed/system sleep/hibernate/shutdown).

  8. Posts : 16,910
    Windows 10 Home x64 Version 22H2 Build 19045.4170
       #8

    You might find parts of this earlier discussion of interest as well
    Password Managers Newbie Re: Password Safe - TenForums

    Denis


  9. Posts : 27,180
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #9

    This is my password manager (you can always use KeyScrambler to hide your keystrokes in the browser too):

    The Most Effective Anti-Keylogging Software
    [screenshot: win_20190223_07_08_23_pro.jpg]


 
