Passbolt Web Extension version v1 does not use a cryptographically secure pseudo-random number generator when automatically generating random passwords for the user.
Attack vector / exploitation
An attacker with a malicious script running on the same page (and theoretically in another tab/extension) could try to guess the possible PRNG seed values to predict the result of the insecure random calls that are used to seed the passbolt password generator.
For this attack to be exploitable in practice, the attacker would need to have a malicious script running on the page and know the time at which the password generation button is pressed. Even then, the attacker would not obtain the generated password itself, only a list of possible values that could be used as part of a brute force attack.
This issue was found and reported by Matthias vd Meent.
How did you fix this?
The function secretComplexity.generate() uses the Math.random method; it should have been using window.crypto.getRandomValues() instead, like the rest of the code.
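The change described above, sketched as an added example (not passbolt's code): a Math.random()-based generator next to one built on crypto.getRandomValues(), with rejection sampling so that every character of the alphabet stays equally likely. The function names, the alphabet and the Node fallback are assumptions made for illustration.

```javascript
// Added illustration, not passbolt's code; all names here are hypothetical.
// Browsers expose globalThis.crypto; the require() is a fallback for older Node.
const rngSource = globalThis.crypto ?? require('node:crypto').webcrypto;
const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$%&*+-=?@_';

// BEFORE: Math.random() is a fast general-purpose PRNG, not a CSPRNG, so its
// output must not be used for secrets such as passwords.
function generateInsecure(length, alphabet = ALPHABET) {
  let out = '';
  for (let i = 0; i < length; i++) {
    out += alphabet[Math.floor(Math.random() * alphabet.length)];
  }
  return out;
}

// Uniform integer in [0, n) drawn from the CSPRNG. Values at or above the
// largest multiple of n that fits in 32 bits are discarded, because a plain
// `value % n` would make the low indexes slightly more likely (modulo bias).
function secureRandomInt(n, rng = rngSource) {
  if (!Number.isInteger(n) || n < 1 || n > 0x100000000) {
    throw new RangeError('n must be an integer in [1, 2^32]');
  }
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

// AFTER: every character is selected with the CSPRNG.
function generateSecure(length, alphabet = ALPHABET, rng = rngSource) {
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError('length must be a positive integer');
  }
  let out = '';
  for (let i = 0; i < length; i++) {
    out += alphabet[secureRandomInt(alphabet.length, rng)];
  }
  return out;
}
```

The optional `rng` parameter exists only so that the sampling logic can be exercised with a deterministic stub; production callers leave it at the default.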
Do I need to change my passwords?
Even considering the low exploitability of this vulnerability, we still recommend rotating the passwords that were generated by passbolt.
Are other parts of the code affected?
Other parts of the code using a PRNG (such as the secret key generator during the setup) are not affected, as they already use a secure PRNG.
- 2018-05-07 17:00 CET: Vulnerability details sent by reporter.
- 2018-05-07 17:00 CET: We acknowledge the issue, start working on a fix and start looking for similar issues in other parts of the code.
- 2018-05-08 08:30 CET: We release a fix on the passbolt development repository and start testing with continuous integration tools.
- 2018-05-08 09:00 PM CET: We deploy a fix on the Chrome and Firefox web extension stores.
- 2018-05-08 12:00 PM CET: We notify the reporter that a fix has been deployed.
- 2018-05-08 12:00 PM CET: We publish the fix on GitHub, the release notes and this report.