New issue
Advanced search Search tips

Issue 678171 link

Starred by 7 users
Status: WontFix
Owner: ----
Closed: Jan 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Anyone can decrypt password and see it as plain text from out of Chrome.

Reported by rvvfake....@gmail.com, Jan 4 2017 
Hello. I'm Aona.
I am not an expert. Go easy on me please.

# Overview
Chrome uses CryptProtectData and CryptUnprotectData functions for password encrypt on local storage. This is provided by Windows API and It secure on terms of design. However, There is a problem with usage chrome side and anyone can see password saved local storage as plain text.
CryptProtectData and CryptUnprotectData functions should be used pPromptStruct or pOptionalEntropy. When these are used, anyone probably becomes difficult to see.
In addition, It is limited to Windows.

# Tested environment
Tested with Windows 10 and Visual C++/C# 2015.
Google Chrome v55.0.2883.87

# Details
Chrome uses CryptProtectData and CryptUnprotectData functions for password encrypt on local storage.

[chrome/browser/password_manager/encryptor_win.cc]
36| BOOL result = CryptProtectData(&input, L"", NULL, NULL, NULL,  0, &output);
57| BOOL result = CryptUnprotectData(&input, NULL, NULL, NULL, NULL, 0, &output);

This is provided by Windows API and It secure on terms of design. However, the third argument or the fifth argument are NULL.
The third argument is [DATA_BLOB *pOptionalEntropy]. This is a unique value that can be set by the application.  When this is set, the password is not decrypted if Entropy does not match.
The fifth argument is [CRYPTPROTECT_PROMPTSTRUCT *pPromptStruct]. If this is set, Windows shows password dialog for encrypt/decrypt. The password is not decrypted if password of pPromptStruct does not match.

If these are NULL, anyone can decrypt encrypted data to just use CryptUnprotectData.
1. Get a password data from Local Storage("Login Data" file).
2. Passes the password to CryptUnprotectData.
3. Can get password as plain text.

This is a very serious problem. If there are some malwares included that code, they can get many users password as plain text.

However, pPromptStruct is hard to use because it is not user friendly. So I think that should use pOptionalEntropy as MasterPassword or etc.

CryptProtectData function, https://msdn.microsoft.com/en-US/library/windows/desktop/aa380261(v=vs.85).aspx
CryptUnprotectData function, https://msdn.microsoft.com/en-us/library/windows/desktop/aa380882(v=vs.85).aspx

# Sample Code
Please see sample code.
https://gist.github.com/AonaSuzutsuki/4ce40f3f2e3ae0669b91ec9aecc17853


# Finally
I hope to get better more.

Comment 1 by mmoroz@google.com, Jan 4 2017

Cc: vabr@chromium.org
Components: UI>Browser>Passwords
Labels: Needs-Feedback
Hello. Thanks for your report.

Assuming that we have passed pOptionalEntropy during encryption, we need it for decryption then. The question: where and how would you suggest to store that value of pOptionalEntropy to keep it safe from an attacker having an access to victim's files?

If you suggest to have a MasterPassword (I guess that user will have to enter that MasterPassword every time while saving a new password or using already saved one, like it works in password managers), how would you protect that password from an attacker?

Also please take look at Chromium security model, especially on physically-local attacks:
https://dev.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model-

Comment 2 by rvvfake....@gmail.com, Jan 10 2017 

Thanks for replying and sorry for the late reply.

I agree with you.
Masterpassword saved a localfile is needed encrypting and it is also problem.
However, It is problem not to neglect. It will have no meaning even if we prevent physical access.
Data on the server is decrypted, I suspect it is the same thing to decrypt data on the server.
I think that chrome should show a dialog every time if necessary.

There is two suggestion.
First. Could you save masterpasword on your server? I think passwords associated with account is guaranteed. In the first place, I doubt about saving passwords saved on the server to localstorage.
In modern times, computers are almost always connected to the network. I suspect the browser is developed based on it. There is also a function called CryptProtectMemory so please consider it.
However, we cannot perfectly protect local only passwords.

Second. Storing it on the server is the same with first. Allocate ID to a browser, save entropy based on ID, it is saved on server. When a browser create entropy, a browser shows dialog for creating entropy to users, then a browser can decrypt on offline.

Existing browsers have almost the password management function, and they have similar problems. However, the problem is left behind as it is if neglect. Would you mind moving forward? I hope because I like Chrome.
The user is amazingly a beginner. Please protect our passwords.
I hope it will be helpful to you.

Comment 3 by elawrence@chromium.org, Jan 11 2017 

An attacker need not go through the trouble of calling the API directly; given physically-local access to your system (or malware running at user privilege), he can simply navigate Chrome to a page that uses the password, right-click the password field, choose "Inspect Element" and grab the text using the Developer Tools. Or he can open chrome://settings/passwords and click "Show" beside each.

A "Master password" already protects all of your Chrome passwords on Windows. That password is your Windows user account password, which also protects the key used by CryptProtectData.

Comment 4 by rvvfake....@gmail.com, Jan 11 2017 

Thanks for replying.

I know it.
I'm talking about can be decrypted just calling the API from an external application.
I suspect Chrome's dialog for decrypting has no meaning at all for an external application.

Comment 5 by elawrence@chromium.org, Jan 12 2017 

> can be decrypted just calling the API from an external application.

Right, and the point is that a malicious application doesn't even need to call the API, they could simply grab the data out of the Chrome process itself. Further, that would continue to be true even if Chrome started salting the data using the Entropy field in the API.

As Microsoft says in https://technet.microsoft.com/en-us/library/hh278941.aspx:

Law #1: If a bad guy can persuade you to run his program on your computer, it's not solely your computer anymore.
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore.
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.

These facts are why local attacks are outside the scope of browser threat models.

Comment 6 by mbarbe...@chromium.org, Jan 13 2017

Labels: -Restrict-View-SecurityTeam allpublic
Status: WontFix (was: Unconfirmed)
I agree with the points in comments 3 and 5. There's not much we can do here.

Comment 7 by rvvfake....@gmail.com, Jan 20 2017 

Hmm... I didnt know about its page.
If you care about this, it is certain that you will not settle for eternity. There must be a compromise somewhere.
I reported because I was warried about this. I learned a lot, thank you.

Comment 8 by elawrence@chromium.org, Mar 12 2017 

Issue 700738 has been merged into this issue.

Comment 9 by elawrence@chromium.org, Jun 13 2017 

 Issue 732723  has been merged into this issue.

Comment 10 by elawrence@chromium.org, Nov 11 2017 

 Issue 784076  has been merged into this issue.

Comment 11 by vabr@chromium.org, Nov 13 2017

Cc: -vabr@chromium.org
Components: Internals>LocalDataEncryption
Labels: -Needs-Feedback

Comment 12 by elawrence@chromium.org, Jan 14 2018 

 Issue 801876  has been merged into this issue.

Comment 13 by elawrence@chromium.org, Jan 30 2018 

 Issue 807226  has been merged into this issue.

Sign in to add a comment