Security: Proxy settings persists from guest mode
Reported by
resea...@nightwatchcybersecurity.com,
Jul 12 2016
Issue description

VULNERABILITY DETAILS
Setting a proxy for a network in guest mode persists even after guest mode. This is for both entering a proxy in the network settings and entering a Proxy auto config file path (PAC). This affects ChromeOS on the login screen until the user either logs in or enters guest mode.

We saw the following URLs:
http://www.gstatic.com/generate_204
http://clients1.google.com/tools/pso/ping?as=chromeos&brand=ACAC&pid=&hl=en&events=CAI,CBI,CCI,CAS,CCS&rep=2&rlz=CA:,CB:,CC:
http://www.gstatic.com/chrome/crlset/3118/crl-set-14826047662225654750.crx.data

If a proxy is set up for all protocols, even SSL traffic was observed going through the proxy, although it will probably use CA verification to avoid MITM.

VERSION
Chrome Version: 51.0.2704.106 (stable)
Operating System: ChromeOS 8172.62.0 (stable)

REPRODUCTION CASE
1. Set up a proxy on the local LAN.
2. Log in as guest.
3. Set a proxy in the shared network pointing to the proxy.
4. Restart but do not log in.
5. Observe proxy calls.

Alternatively, you can put in a PAC file and observe requests to it after reboot.

(somewhat related to https://bugs.chromium.org/p/chromium/issues/detail?id=600194)
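Added example (not part of the original report or of Chromium's code): a script for reviewing the test proxy's access log from the reproduction steps, separating the cleartext HTTP requests the report lists from HTTPS CONNECT tunnels, where the proxy sees only host and port. It assumes a Squid-style native access.log; the log lines, client address and the tls-host.example tunnel target are constructed, while the HTTP URLs are the ones quoted in the report.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample log (Squid native format assumed). Only the three HTTP URLs
# come from the report; timestamps, sizes, IPs and the CONNECT target are made up.
SAMPLE_LOG = """\
1468300001.120     35 192.0.2.10 TCP_MISS/204 210 GET http://www.gstatic.com/generate_204 - HIER_DIRECT/203.0.113.5 -
1468300002.480     90 192.0.2.10 TCP_MISS/200 512 GET http://clients1.google.com/tools/pso/ping?as=chromeos&brand=ACAC&pid=&hl=en&events=CAI,CBI,CCI,CAS,CCS&rep=2&rlz=CA:,CB:,CC: - HIER_DIRECT/203.0.113.6 text/plain
1468300003.900    410 192.0.2.10 TCP_MISS/200 48211 GET http://www.gstatic.com/chrome/crlset/3118/crl-set-14826047662225654750.crx.data - HIER_DIRECT/203.0.113.5 application/octet-stream
1468300005.010   1200 192.0.2.10 TCP_TUNNEL/200 3920 CONNECT tls-host.example:443 - HIER_DIRECT/203.0.113.7 -
"""

# Path prefixes of the three plaintext URLs listed in the report.
REPORTED_PATHS = ("/generate_204", "/tools/pso/ping", "/chrome/crlset/")


def parse_line(line):
    """Parse one access.log line; return None for lines we cannot classify."""
    fields = line.split()
    if len(fields) < 7:
        return None
    client, method, target = fields[2], fields[5], fields[6]
    if method == "CONNECT":
        # HTTPS via a proxy: only host:port is visible, the payload is a TLS tunnel.
        host = target.rsplit(":", 1)[0]
        return {"client": client, "host": host, "path": None, "exposure": "tunnel"}
    url = urlsplit(target)
    if url.scheme != "http":
        return None
    # Plain HTTP: the proxy sees (and could alter) the full URL and response.
    return {"client": client, "host": url.hostname, "path": url.path,
            "exposure": "cleartext"}


def summarize(log_text):
    """Per client: cleartext vs tunnelled request counts and matches to the report."""
    result = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        counts = result.setdefault(rec["client"], Counter())
        counts[rec["exposure"]] += 1
        if rec["path"] and rec["path"].startswith(REPORTED_PATHS):
            counts["matches_report"] += 1
    return result


if __name__ == "__main__":
    for client, counts in summarize(SAMPLE_LOG).items():
        print(client, dict(counts))
```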
Jul 13 2016
CC-ing some net OWNERS.
Jul 13 2016
I don't think the network stack team owns the proxy configuration UI on ChromeOS - on all other platforms, we use the platform config, so this is unique ChromeOS code, and unique ChromeOS UI, none of it in net/, ProfileIOData, or IOThread.
Jul 13 2016
To clarify: the proxy settings only persist during the login screen; once a user logs in or the guest logs in, the proxy settings become disabled. But they do persist even after a reboot.
Jul 15 2016
bartfab@ and wad@, I wonder if you have insight about this. Thanks!
Jul 18 2016
ping
Jul 19 2016
This is very similar to #600195, except that the other one persists even after login.
Jul 21 2016
I don't work on Chrome OS anymore. Adjusting tags to make sure this gets picked up by our triage rotation.
Aug 9 2016
Closing WAI per https://bugs.chromium.org/p/chromium/issues/detail?id=600195#c13
Aug 9 2016
Issue 600195 is security restricted (as is this one). If both are WAI, should probably open them up to the public.
Aug 9 2016
Yup, I forgot to lift the restriction. Fixed.