Password Managers Vulnerabilities - Under Hood of Secrets Management

Page 1 of 3 123 LastLast
  1. Brink's Avatar
    Posts : 37,014
    64-bit Windows 10 Pro build 18860
       #1

    Password Managers Vulnerabilities - Under Hood of Secrets Management


    Abstract:

    Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose security guarantees password managers should offer and examine the underlying workings of five popular password managers targeting the Windows 10 platform: 1Password 7 [1], 1Password 4 [1], Dashlane [2], KeePass [3], and LastPass [4]. We anticipated that password managers would employ basic security best practices, such as scrubbing secrets from memory when they are not in use and sanitization of memory once a password manager was logged out and placed into a locked state. However, we found that in all password managers we examined, trivial secrets extraction was possible from a locked password manager, including the master password in some cases, exposing up to 60 million users that use the password managers in this study to secrets retrieval from an assumed secure locked state.

    Introduction:

    First and foremost, password managers are a good thing. All password managers we have examined add value to the security posture of secrets management, and as Troy Hunt, an active security researcher once wrote, “Password managers don’t have to be perfect, they just have to be better than not having one” [5]. Aside from being an administrative tool to allow users to categorize and better manage their credentials, password managers guide users to avoid bad password practices such as using weak passwords, common passwords, generic passwords, and password reuse.

    The tradeoff is that users’ credentials are then centrally stored and managed, typically protected by a single master password to unlock a password manager data store. With the rising popularity of password manager use it is safe to assume that adversarial activity will target the growing user base of these password managers. Table 1, below, outlines the number of individual users and business entities for each of the password managers we examine in this paper.

    Password Manager Users Business Entities
    1Password 15,000,000 [6] 30,000 [6]
    Dashlane 10,000,000 [7] 10,000 [7]
    KeePass 20,000,000 [8] Unknown
    LastPass 16,500,000 [9] 43,000 [9]

    Table 1. Number of private users and business entities of 1Password (all versions), Dashlane, KeePass and LastPass.

    Motivation:

    With the proliferation of online services, password use has gone from about 25 passwords per user in 2007 [10] to 130 in 2015 and is projected to grow to 207 in 2020 [11]. This, combined with a userbase of 60 million across password managers we examine in this paper, creates a target rich environment in which adversaries can carefully craft methods to extract an increasingly growing and valuable trove of secrets and credentials.

    An example in which a password manager appears to have been specifically targeted is an attack that led to the loss of 2578 units of Ethereum (ETH), a cryptocurrency valued at the time of 1.5 million USD. The attack was carried out against a cryptocurrency trading assistant platform, Taylor [12]. Taylor issued a statement that indicated a device which was using 1Password for secrets management was compromised [13]. It remains unclear, whether the attacker found a security issue in 1Password itself or simply discovered the master password in some other way, or whether the compromise had nothing to do with password managers.

    Given the combination of an increasing number of credentials held in password managers, the value of those secrets and the emerging threats specifically targeting password managers it is important for us to examine the increased risk a user or organization faces in terms of secrets exposure when using a password manager. Our approach for this was to survey popular password managers to determine common defenses they employ against secrets exfiltration. We incorporate the best security features of each into a hypothetical, best possible password manager, that provides a minimum set of guarantees outlined in the next section. Then we compare the password managers studied against those security guarantees.

    Password Manager Security Guarantees:

    All password managers studied work in the same basic way. Users enter or generate passwords in the software and add any pertinent metadata (e.g., answers to security questions, and the site the password goes to). This information is encrypted and then decrypted only when it is needed for display, for passing to a browser add-on that fills the password into a website, or for copying to the clipboard for use.

    Throughout this paper we will refer to password managers in three states of existence: not running, unlocked (and running), and locked (and running; this state assumes the password manager was previously unlocked). We assume that the user does not have additional layers of encryption such as full disk encryption or per process virtualization. We define the three states below:

    Not Running

    We define “not running” as a state where the password manager has previously been installed, configured, and interacted with by the user to store secrets, but has not been launched since the last reboot or has been terminated by the user since it was last used.

    In this “not running” state the password manager should guarantee:

    • There should be no data stored on disk that would offer an attacker leverage toward compromising the database stored on disk (e.g. the master password or encryption key stored in a configuration file).
    • Even if an attacker retrieves the password database from disk, it should be encrypted in such a way that an attacker cannot decrypt it without knowing the master password.
    • The encryption should be designed in such a way that, so long as the user did not use a trivial password, the attacker cannot brute force guess the master password in a reasonable amount of time using commonly available computing resources.

    Running: Unlocked State

    We define running in an “unlocked state” as cases where the password manager is running, and where the user has typed in the master password in order to decrypt and access the stored passwords inside the manager. The user may have displayed, copied to clipboard, or otherwise accessed some of the passwords in the password manager.

    In this “running, unlocked state” the password manager should guarantee:

    • It should not be possible to extract the master password from memory, either directly or in any form that allows the original master password to be recovered.
    • For those stored passwords that have not been displayed/copied/accessed by the user since the password manager was unlocked, it should not be possible to extract those unencrypted passwords from memory.

    Knowing usability constraints that affect password managers, we concede that:

    • It may be possible to extract those passwords from memory that were displayed/copied/accessed in the current unlocked session.
    • It may be possible to extract cryptographic information derived from the master password sufficient to decrypt other stored passwords, but not the master password itself.

    Running: Locked State

    We define “in locked state” as cases where (1) the password manager was just launched but the user has not entered the master password yet, or (2) the user previously entered the master password and used the password manager, but subsequently clicked the ‘Lock’ or ‘Log Out’ button.

    In this “running, locked state” the password manager should guarantee:

    • All the security guarantees of a not-running password manager should apply to a password manager that is in the locked state.

    Since a locked password manager still exists as a process in virtual memory, this requires additional guarantees:

    • It should not be possible to extract the master password from memory, either directly or in any form that allows the original master password to be recovered.
    • It should not be possible to extract from memory any cryptographic information derived from the master password that might allow passwords to be decrypted without knowing the master password.
    • It should not be possible to extract any unencrypted passwords from memory that are stored in the password manager.

    In addition to these explicit security guarantees, we expect password managers to incorporate additional hardening measures where possible, and to have these hardening measures enabled by default. For example, password managers should attempt to block software keystroke loggers from accessing the master password as it is typed, attempt to limit the exposure of unencrypted passwords left on the clipboard, and take reasonable steps to detect and block modification or patching of the password manager and its supporting libraries that might expose passwords.

    Scope:

    In this paper we will examine the inner workings as they relate to secrets retrieval and storage of 1Password, Dashlane, KeePass and LastPass on the Windows 10 platform (Version 1803 Build 17134.345) using an Intel i7-7700HQ processor. We examine susceptibility of a password manager to secrets exfiltration via examination of the password database on disk; memory forensics; and finally, keylogging, clipboard monitoring, and binary modification. Each password manager is examined in its default configuration after install with no advanced configuration steps performed.

    The focus on our evaluation of password managers is limited to the Windows platform. Our findings can be extrapolated to password manager implementations in other operating systems to guide research to areas of interest that are discussed in this paper.

    Target Password Managers:

    The following password managers with their corresponding versions were evaluated:

    Product Version
    1Password4 for Windows 4.6.2.626
    1Password7 for Windows 7.2.576
    Dashlane for Windows 6.1843.0
    KeePass Password Safe 2.40
    LastPass for Applications 4.1.59

    Security of Password Managers in the Non-Running State

    We first consider the security of password managers when they are not running. We focus on the attack vector of compromising passwords from disk. Unless password managers have severe vulnerabilities such as logging passwords to unencrypted log files or other egregious issues, the password managers’ defenses against the disk attack surface rest on the cryptography used to protect the password database. Here, we examine which algorithm each password manager uses to transform the master password into an encryption key, and whether the algorithm and number of iterations is severely lacking in its ability to resist contemporary cracking attacks.

    Table 2, below, outlines the key expansion algorithm type used and number of iterations in each password manager’s default configuration. With regard to key expansion recommendations set by NIST [14]we found that each key expansion algorithm used in the password managers was acceptable and that the number of iterations adequate. We concluded that the password managers were secure against compromising passwords from disk as the software is not running, and that brute forcing the encrypted password entries on disk would be computationally prohibitive, although not impossible if given enough computing resources. Given this, we moved on to the attack surface of passwords stored in memory while the password managers are running.

    Password Manager Key Expansion Algorithm Iterations
    1Password4 PBKDF2-SHA256 40,000 [15]
    1Password7 PBKDF2-SHA256 100,000 [16]
    Dashlane Argon2 3 [17]
    KeePass AES-KDF 60,000 [18]
    LastPass PBKDF2-SHA256 100,100 [19]

    Table 2. Each password managers default key expansion algorithm and number of iterations.

    Security of Password Managers in Running States

    We expected and found that all password managers reviewed sufficiently protect the master password and individual passwords while they are not running. The remaining bulk of our assessment of password managers in the running state was focused on the effectiveness of the locked state and whether the unlocked state left the minimum possible amount of sensitive information in memory. The following sections outline violations of our proposed security guarantees of password managers in a running locked and unlocked state.


    Read more: Password Managers: Under the Hood of Secrets Management - Independent Security Evaluators
      My ComputersSystem Spec

  2.    #1

    I've always been wary of password managers and I'm pleased I never used one.
    Last edited by Steve C; 4 Weeks Ago at 03:53.
      My ComputersSystem Spec

  3.    #2

    You can start with thinking they are a great advantage for non-critical sites- speed of login with 1 click open browser, launch site and autofill, no need to remember the data.

    Moving on to financial sites, I now keep part of the data - for one field- separate from the password manager. This is easy to do when 2 stage logins are used by the site.

    UK banks have increasingly deployed a separate keypad, so to be able to log in and undertake significant transactions or changes, you must use this either as part of the login procedure, or subsequently, depending on the bank. Thus some banks operate almost on a 'view only' basis without this, others always require using it as part of the login procedure.

    A number of banks also require verification of some activities by automated phone or text.

    However, whilst banks are quite strongly protected, many other types of financial sites exist, and I've not seen one yet that has 2 factor authentication (requiring some other means of verification than id, password and perhaps some other verification question, all of which could be held in a password manager, and so make you potentially vulnerable).

    Personally I couldn't manage without one, in terms of time saving and sharing data across devices. However, entrusting everything to one system for critical sites would seem unwise.
    Last edited by dalchina; 4 Weeks Ago at 04:44.
      My ComputersSystem Spec

  4. dencal's Avatar
    Posts : 2,868
    W10 Pro + W10 Preview
       #3

    There is already a built in Password Manager in Windows 10.
    Its called Web Credentials.
      My ComputersSystem Spec

  5. essenbe's Avatar
    Posts : 11,791
    Windows 10 Pro and Windows 10 Pro Insider
       #4

    I follow many of the procedures dalchina does. I still believe you are much better off with a password manager than without one. I also use 2FA with my password manager.

    I contend there is nothing 100% safe. When 12 year old kids are breaking into the FBI and CIA, we don't stand a chance no matter what we do. We can only make it as difficult as possible. Unfortunately, we live in that sort of world.
      My ComputersSystem Spec

  6.    #5

    Quote from the OP:

    It remains unclear, whether the attacker found a security issue in 1Password itself or simply discovered the master password in some other way, or whether the compromise had nothing to do with password managers.
    My guess... It had nothing to do with the password manager and more to do with the Clipboard, more specifically with Clipboard history. With a few exception, it's hard to remember every passwords that one may have. As such, copy/paste is pretty much routine for entering passwords. I am not certain that password manager may use the same method in the background, if and when auto-fill is selected.

    Clipboard is a target for a number of malware and for this and another reasons, mine is disabled:

    Click image for larger version. 

Name:	clipboard.jpg 
Views:	93 
Size:	20.0 KB 
ID:	225056

    I am with essenbe... It's nearly impossible to avoid a password manager. As long as sensitive access, such as financial, government, etc., have 2FA, password manager is a ok. Mine is Password Safe that locks local DB on minimize and/or 10 minutes inactivity; it also scrapes the copied password from memory after ten minutes...
      My ComputerSystem Spec

  7.    #6

    essenbe said: View Post
    I still believe you are much better off with a password manager than without one.
    I absolutely agree with this.

    The real issue, which I think has been missed on other discussions I've followed on this report, is not the way password managers manage the scrubbing of memory, but the fact that the system on which is running is compromised to the point that the memory can be accessed in the first place.

    I use BitWarden, and it scrubs memory when it is locked (on a time-out) or closed (browser closed/system sleep/hibernate/shutdown).
      My ComputersSystem Spec

  8.   My ComputersSystem Spec


  9. Posts : 1,338
    Windows 10 Home x64 and Pro x86
       #8

    You might find parts of this earlier discussion of interest as well
    Password Managers Newbie Re: Password Safe - TenForums

    Denis
      My ComputerSystem Spec

  10. Cliff S's Avatar
    Posts : 23,457
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       #9

    This is my password manager (You can always use KeyScrammbler to hide your keystrokes in the browser too):

    The Most Effective Anti-Keylogging Software
    Click image for larger version. 

Name:	WIN_20190223_07_08_23_Pro.jpg 
Views:	0 
Size:	131.4 KB 
ID:	225222
      My ComputersSystem Spec


 
Page 1 of 3 123 LastLast

Related Threads
https://www.pwsafe.org/ I have never used one before but am getting to the point where it seems like it might be a good idea. I did a cursory look on TenForums but it was inconclusive: https://www.tenforums.com/search.php?searchid=11357568 ...
There are those among us who can use this product, i.e.practically all of us. Free ebook: Windows 10 IT Pro Essentials Support Secrets This ebook is for Win 10 including the Anniversary update Final Preview Version 1607 Free ebook:...
Read more: Under the hood of Microsoft's Windows Subsystem for Linux | ZDNet How to Enable or Disable Bash on Ubuntu on Windows 10 How to Create a Bash on Ubuntu on Windows 10 shortcut
Read more: Windows 10 telemetry secrets: Where, when, and why Microsoft collects your data | ZDNet
Several Managers not working anymore in Performance & Maintenance
Hey there! Since today I have a problem, some programs are just not starting anymore. For example, there would be the Device Manager, the Event Manager, Computermanagement. It just shows the loading mouse for one or two seconds, but nothing...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 19:57.
Find Us