by kenniskrag 122 days ago
> Much like the other products we analyse, 1Password lacks authentication of public keys. This trivially enables sharing attacks similar to BW09, LP07 and DL02, something that the 1Password whitepaper...

> IMPACT. Complete compromise of vault confidentiality and integrity. The adversary can read and decrypt all vault contents encrypted after the attack, including passwords, credit card information, secure notes, and other sensitive data stored in the vault. Similarly, they can inject new items into the vault after the attack.
>
> REQUIREMENTS. The client fetches key material from the server, for example due to the user logging in on a new device. If executed on a non-empty vault, the attack results in the client losing access to all items already in their vault, while leaking any new items added to the vault after the attack took place. If the attack is executed at the time of vault creation, the attack is effectively undetectable by the client, since it cannot distinguish between a ciphertext it created and the ciphertext created by the server during the attack.
>
> PROPOSED MITIGATION. A straightforward mitigation is to have the client sign vault keys using the RSA private key in the keyset before encrypting them with the RSA public key. Ideally, two different key pairs would be used for...

from the paper: https://eprint.iacr.org/2026/058.pdf
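
The mitigation quoted above, sketched in Go as an added example (not code from the paper, from 1Password or from the commenter): a client that accepts any vault key that decrypts, beside one that also requires the keyset owner's signature over it. Assumptions made here: RSA-OAEP and RSA-PSS with SHA-256, a single key pair for both operations, a signature stored beside the ciphertext, and hypothetical names `WrappedKey`, `NewKeyset`, `Wrap`, `UnwrapUnauthenticated` and `UnwrapVerified`.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type WrappedKey struct{ Ciphertext, Sig []byte } // hypothetical server-stored record

func NewKeyset() *rsa.PrivateKey { // demo-sized RSA key pair
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	return priv
}

// Wrap signs the vault key with the signer's private key, then encrypts it to `to`.
func Wrap(signer *rsa.PrivateKey, to *rsa.PublicKey, vaultKey []byte) (WrappedKey, error) {
	digest := sha256.Sum256(vaultKey)
	sig, err := rsa.SignPSS(rand.Reader, signer, crypto.SHA256, digest[:], nil)
	if err != nil {
		return WrappedKey{}, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, vaultKey, nil)
	return WrappedKey{ct, sig}, err
}

// UnwrapUnauthenticated accepts whatever decrypts: the gap the paper describes.
func UnwrapUnauthenticated(priv *rsa.PrivateKey, w WrappedKey) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, w.Ciphertext, nil)
}

// UnwrapVerified also requires the keyset owner's signature over the decrypted key.
func UnwrapVerified(priv *rsa.PrivateKey, w WrappedKey) ([]byte, error) {
	key, err := UnwrapUnauthenticated(priv, w)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(key)
	if err := rsa.VerifyPSS(&priv.PublicKey, crypto.SHA256, digest[:], w.Sig, nil); err != nil {
		return nil, fmt.Errorf("vault key not signed by keyset owner: %w", err)
	}
	return key, nil
}

func main() {
	u := NewKeyset()
	forged, _ := Wrap(NewKeyset(), &u.PublicKey, make([]byte, 32)) // constructed: signed by a non-owner key
	fmt.Println(UnwrapVerified(u, forged))
}
```

Since anyone holding the public key can produce a valid ciphertext, only the signature check separates a key the client wrapped itself from one substituted on the server.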