Prevent byte-by-byte and attachment inference side channel attacks #10266

Merged
merged 1 commit into from
Mar 9, 2024

@droidmonkey droidmonkey commented Feb 4, 2024

Attack - KeeShare attachments can be inferred because of attachment de-duplication.

Solution - Prevent de-duplication of normal database entry attachments with those entry attachments synchronized/associated with a KeeShare database. This is done using the KeeShare database UUID injected into the hash calculation of the attachment prior to de-dupe. The attachments themselves are not modified in any way.


Attack - Side channel byte-by-byte inference due to compression de-duplication of data between a KeeShare database and its parent.

Solution - Generate a random array between 64 and 512 bytes, convert to hex, and store in the database custom data.


Attack vector assumptions:

  1. Compression is enabled
  2. The attacker has access to a KeeShare database actively syncing with the victim's database
  3. The victim's database is unlocked and syncing
  4. The attacker can see the exact size of the victim's database after saving, and syncing, the KeeShare database

Thank you to Andrés Fábrega from Cornell University for theorizing and informing us of this attack vector.

Type of change

  • ✅ Bug fix (non-breaking change that fixes an issue)
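
The attachment fix described in the pull request above, as an added Python sketch that is not KeePassXC code: the de-dupe key is a hash over the KeeShare UUID plus the attachment bytes, so a shared attachment never collapses into the same pool slot as a private one. SHA-256, the UUID-first ordering, and the names `pool_key`, `build_pool` and `stored_bytes` are assumptions; the sample entries are constructed.

```python
import hashlib
import uuid
from typing import Optional

def pool_key(data: bytes, share_uuid: Optional[uuid.UUID]) -> bytes:
    """De-dupe key for one attachment.

    Assumption: SHA-256 with the 16 UUID bytes fed in before the data; the
    page only says the KeeShare UUID is injected into the hash calculation.
    """
    h = hashlib.sha256()
    if share_uuid is not None:
        h.update(share_uuid.bytes)
    h.update(data)
    return h.digest()

def build_pool(entries, salt_with_share: bool) -> dict:
    """Store each distinct key once, the way a binary pool de-duplicates.

    entries: iterable of (title, share_uuid or None, attachment bytes).
    """
    pool = {}
    for _title, share_uuid, data in entries:
        key = pool_key(data, share_uuid if salt_with_share else None)
        pool.setdefault(key, data)  # the stored bytes are never altered
    return pool

def stored_bytes(pool: dict) -> int:
    """Total attachment bytes the pool would write out."""
    return sum(len(blob) for blob in pool.values())

# Constructed sample: one private entry and two entries from the same share,
# all carrying the same file.
SHARE = uuid.UUID("00000000-0000-4000-8000-000000000001")
DOC = b"constructed attachment contents\n" * 64
ENTRIES = [
    ("private-entry", None, DOC),
    ("shared-entry-1", SHARE, DOC),
    ("shared-entry-2", SHARE, DOC),
]

if __name__ == "__main__":
    for salted in (False, True):
        pool = build_pool(ENTRIES, salted)
        print(f"salted={salted}: {len(pool)} blob(s), {stored_bytes(pool)} bytes")
```

Without the UUID in the key, the private copy and the shared copies occupy one slot, so the stored size depends on whether the private file matches a shared one. With it, de-duplication still works inside the share but stops at the boundary between shared and private entries.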
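
The padding fix described in the pull request above, as an added Python sketch that is not KeePassXC code: a fresh random value of 64 to 512 bytes, hex-encoded and stored in custom data, makes the compressed size change from one save to the next even when nothing else changed. `zlib`, the simplified XML layout, the key name `EXAMPLE_RANDOM_PADDING` and all function names are assumptions; the body is constructed.

```python
import secrets
import zlib

PAD_MIN, PAD_MAX = 64, 512          # byte bounds stated in the PR description
PAD_KEY = "EXAMPLE_RANDOM_PADDING"  # hypothetical custom-data key name

def random_padding_hex() -> str:
    """Hex encoding of a random array of PAD_MIN..PAD_MAX bytes (inclusive)."""
    n = PAD_MIN + secrets.randbelow(PAD_MAX - PAD_MIN + 1)
    return secrets.token_bytes(n).hex()

def saved_size(body: str, padded: bool) -> int:
    """Compressed size of one save; a fresh padding value is drawn per save."""
    custom = ""
    if padded:
        custom = f"<Item><Key>{PAD_KEY}</Key><Value>{random_padding_hex()}</Value></Item>"
    xml = f"<CustomData>{custom}</CustomData>{body}"
    # Assumption: zlib stands in for the database's compression step.
    return len(zlib.compress(xml.encode("utf-8")))

def size_spread(body: str, padded: bool, saves: int = 200) -> int:
    """Difference between the largest and smallest size over repeated saves."""
    sizes = [saved_size(body, padded) for _ in range(saves)]
    return max(sizes) - min(sizes)

# Constructed stand-in for the serialized entries of a database.
BODY = "".join(
    f"<Entry><Title>site{i}</Title><Password>pw-{i:04d}</Password></Entry>"
    for i in range(50)
)

if __name__ == "__main__":
    print("spread without padding:", size_spread(BODY, padded=False))
    print("spread with padding:   ", size_spread(BODY, padded=True))
```

Without padding, identical content always produces the same size, which is what assumption 4 in the description relies on. With padding, repeated saves of unchanged content differ in size.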

@droidmonkey droidmonkey added this to the v2.8.0 milestone Feb 4, 2024
@droidmonkey droidmonkey requested a review from phoerious February 4, 2024 03:24
@phoerious phoerious force-pushed the fix/security-enhancer branch from 8b96d57 to bd7d64a Compare February 4, 2024 21:10

codecov bot commented Feb 4, 2024

Codecov Report

Attention: Patch coverage is 98.43750% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 63.75%. Comparing base (e700195) to head (dccf0e0).

Files Patch % Lines
src/format/KdbxXmlWriter.cpp 97.14% 1 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff             @@
##           develop   #10266      +/-   ##
===========================================
+ Coverage    63.64%   63.75%   +0.11%     
===========================================
  Files          362      362              
  Lines        43954    43997      +43     
===========================================
+ Hits         27972    28047      +75     
+ Misses       15982    15950      -32     


@phoerious phoerious force-pushed the fix/security-enhancer branch from bd7d64a to e59f4ae Compare February 4, 2024 21:37
@droidmonkey droidmonkey force-pushed the fix/security-enhancer branch from e59f4ae to c5221df Compare February 6, 2024 12:07
@droidmonkey droidmonkey changed the title Prevent byte-by-byte side channel attacks Prevent byte-by-byte and attachment inference side channel attacks Feb 6, 2024
@droidmonkey
Member Author

@phoerious I think this is ready to merge

@droidmonkey droidmonkey force-pushed the fix/security-enhancer branch from c5221df to 14ec652 Compare February 7, 2024 18:37
@droidmonkey droidmonkey force-pushed the fix/security-enhancer branch from 14ec652 to 9b65ed8 Compare March 9, 2024 16:50
@droidmonkey droidmonkey force-pushed the fix/security-enhancer branch from 9b65ed8 to dccf0e0 Compare March 9, 2024 17:23
@droidmonkey droidmonkey merged commit 72fc006 into develop Mar 9, 2024
11 checks passed
@droidmonkey droidmonkey deleted the fix/security-enhancer branch March 9, 2024 17:39
@droidmonkey droidmonkey added the pr: backported Pull request backported to previous release label Mar 9, 2024
libf-de pushed a commit to libf-de/keepassxc-secretservice-dbus that referenced this pull request Mar 11, 2024
Release 2.7.7

- Support USB Hotplug for Hardware Key interface [keepassxreboot#10092]
- Support 1PUX and Bitwarden import [keepassxreboot#9815]
- Browser: Add support for PassKeys [keepassxreboot#8825, keepassxreboot#9987, keepassxreboot#10318]
- Build System: Move to vcpkg manifest mode [keepassxreboot#10088]

- Fix multiple TOTP issues [keepassxreboot#9874]
- Fix focus loss on save when the editor is not visible anymore [keepassxreboot#10075]
- Fix visual when removing entry from history [keepassxreboot#9947]
- Fix first entry is not selected when a search is performed [keepassxreboot#9868]
- Prevent scrollbars on entry drag/drop [keepassxreboot#9747]
- Prevent duplicate characters in "Also choose from" field of password generator  [keepassxreboot#9803]
- Security: Prevent byte-by-byte and attachment inference side channel attacks [keepassxreboot#10266]
- Browser: Fix raising Update Entry messagebox [keepassxreboot#9853]
- Browser: Fix bugs when returning credentials [keepassxreboot#9136]
- Browser: Fix crash on database open from browser [keepassxreboot#9939]
- Browser: Fix support for referenced URL fields [keepassxreboot#8788]
- MacOS: Fix crash when changing highlight/accent color [keepassxreboot#10348]
- MacOS: Fix TouchID appearing even though lid is closed [keepassxreboot#10092]
- Windows: Fix terminating KeePassXC processes with MSI installer [keepassxreboot#9822]
- FdoSecrets: Fix database merge crash when enabled [keepassxreboot#10136]

# gpg: directory '/home/runner/.gnupg' created
# gpg: keybox '/home/runner/.gnupg/pubring.kbx' created
# gpg: Signature made Sat Mar  9 23:14:35 2024 UTC
# gpg:                using RSA key 3489040C1F0C3EEAB8D556A5440FC65F2E0C6E01
# gpg: Can't check signature: No public key

darix commented Mar 11, 2024

could you clarify which releases are affected?

@droidmonkey
Member Author

Anything less than 2.7.7

Labels: pr: backported (Pull request backported to previous release), security