
MitM Attack against KeePass 2’s Update Check - tdkl
https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/
======
crypt1d
"Received response from Dominik Reichl: The vulnerability will not be fixed.
The indirect costs of switching to HTTPS (like lost advertisement revenue)
make it a inviable solution."

Well the indirect costs of not fixing it just got a lot bigger. Now a lot of
people will realize that their passwords are not as safe as KeePass claims
they are and will switch to a different product. So this way they loose both
their money and their users' trust. Not a very good business decision.

~~~
deftnerd
That response is crazy. If he's so set at keeping the homepage http, then make
a download.keypass.com site and keep the downloads on there, with https
required.

~~~
3pt14159
Eh. Still vulnerable to HSTS attack. To me HTTPS without HSTS is only
protection to programmers. To the public, HTTPS without HSTS protection is
essentially useless against MITM attacks.

------
jc4p
That's wild, I didn't expect any security-centric website in 2016 to be HTTP-
only! The reasoning for not doing it is weird too, they could at the very
least move the update logic over to a separate SSL endpoint.

Anyway, I'm not quite sure on the differences between them but I've been using
KeePassX for years and recommend it thoroughly (as long as you're not looking
for a easily synced or multi-user product):
[https://www.keepassx.org/](https://www.keepassx.org/)

~~~
MrRadar
> That's wild, I didn't expect any security-centric website in 2016 to be
> HTTP-only!

Both of the websites for PuTTY (www.putty.org and www.chiark.greenend.org.uk)
are also non-encrypted. At least the downloads are hosted on a third server
(the.earth.li) which does use HTTPS and 2048-bit GPG signatures are provided.

~~~
fanf2
putty.org is not owned by the PuTTY developers; after some arguments the two
parties came to an agreement about the use of the domain name, but you should
not trust putty.org.

------
nwah1
I was always skeptical of KeePass which is why I've been using KeePassX. It is
just a simple Qt app.

Unfortunately there is no KeePassHttp support yet, so you can't hook it up to
your browser, but there is a fork available with full support.

[https://github.com/droidmonkey/keepassx_http/](https://github.com/droidmonkey/keepassx_http/)

~~~
alyandon
I'd probably switch to KeePassX instead of running KeePass in wine if the
password generator were as flexible.

~~~
the_af
Why are you running KeePass in wine?

~~~
alyandon
I have very complex password generation requirements for some of the services
I need to access and KeePassX does not:

    
    
        1) have nearly the same level of support for defining complex password generation rules
        2) have support for saving said custom password generation as a profile
    

So, KeePass + wine it is until I have a better alternative. :)

~~~
zokier
But why Wine?

[http://packages.ubuntu.com/xenial/keepass2](http://packages.ubuntu.com/xenial/keepass2)

~~~
alyandon
Inertia. I've been using KeePass for years and I'm still on v1 because at the
time the v1 database format was more well supported across all the "keepass"
compatible apps on iOS, OS X, Android, etc.

What I have works for me very well although I will admit that the v2 database
format is supported well enough these days that I could migrate.

~~~
zokier
Oh right, I didn't realize that people were still hanging on the legacy
version. Then I suppose Wine does actually make sense

------
21
Many years ago I reported two bugs in KeePass, one related to the tray icon,
and the other related to some bad rendering in the GUI.

Both were closed, with reasons like "this is a bug in .NET", "this is a bug in
Windows". Maybe they were, but somehow other applications didn't expose them.
The bugs were annoying, and if it were my software I would have fixed them
somehow, even if they were not my fault.

Long story short, the author gave me a bad impression, the kind of "know it
all, know it best" attitude. So his refusal to fix this MITM problem doesn't
surprise me one bit.

------
Orangeair
Why is there advertisement on the automated update server? Why can't he just
split them apart? What with things like Let's Encrypt nowadays, there really
shouldn't be any excuse not to use https. _Especially_ for a security related
product!

~~~
SignalsFromBob
There isn't an automated update server. KeePass can't auto-update. The web
server has a text file on it that contains the version number of the latest
release. KeePass (optionally) checks that file to see if a new version is
available and displays a notification to the user. Downloads and installation
of new versions has to be done manually by the user. The binaries are hosted
on SourceForge and other mirror sites, and in my cursory checking those are
serving the file over HTTPS. The binaries are digitally signed.

So any possible attack against KeePass would as most cause the notification
dialog to appear saying there's a new version.

anyway, the author found a solution by signing the text file that the update
checker looks at. IMO, that's a superior solution to HTTPS. He's posted a
statement on the KeePass website.
[http://keepass.info/help/kb/sec_issues.html#updsig](http://keepass.info/help/kb/sec_issues.html#updsig)

------
extropic-engine
I've already been slowly migrating from KeePass to
[https://www.passwordstore.org/](https://www.passwordstore.org/) and this is
just one more reason why.

------
jey

      The indirect costs of switching to HTTPS (like lost
      advertisement revenue) make it a inviable solution.
    

How does HTTPS result in lost ad revenue?

~~~
revelation
The answers here are off the mark. You can obviously have the update channel
use HTTPS and keep your website at HTTP (not recommended, but certainly
possible).

Or just sign the updates and version information.

~~~
pfg
The way the update system works (according to the article) is that it shows a
pop-up with the new version, and that pop-up opens their site (via HTTP). It
is conceivable that they'd rely on the impressions coming from update dialogs
for their ad revenue, so the argument they used (which - just to clarify - is
not _my_ argument) would apply here as well. Switching to HTTPS (or some other
signing mechanism) for the update check would solve one of the problems
described in the article (tricking the user into thinking there's a new
version available), but it would not eliminate the MitM opportunity on the
site itself.

~~~
stcredzero
The MitM on the automated update check is by far more dangerous.

------
puddintane
Roboform has been my go to, but honestly I don't know how well the security is
on it but by the track record it looks as though they have not had any issues
by what short searching I have done.

I've seen several open source systems that share on GitHub such as PadLock but
have yet to be able to test these to compare to Roboform. Considering how
cheap I was able to pick up Roboform to (as a college student I got 4 years
for 1) I really haven't seen the urge to switch considering on how universal
Siber System's Roboform does on multiple systems.

Even though this can also be a downfall if the developer's slack on one
system, I have been satisfied with these guys since I started using them so
many years ago and really haven't found many complaints.

 _edit_ My entire reasoning for posting was that while I'm very familiar with
Roboform my experience with KeePass was always lacking compared to others.

------
teilo
Couldn't this be solved by signing the update file?

But the excuse of the dev is bogus in any case. In is trivial to have that
single file transferred via HTTPS. His ad revenue excuse makes me thing
something fishy is going on here.

~~~
bqe
That would help, but an attacker being able to deliver an arbitrary website by
MITM is still something that should be avoided.

~~~
stcredzero
Signing the update file and having a separate page for the SHA256 hash of the
binary would win back a lot of my confidence at this point.

------
breakingcups
See a more detailed (but still very wrong in my opinion) response from Dominik
here:
[https://sourceforge.net/p/keepass/discussion/329220/thread/e...](https://sourceforge.net/p/keepass/discussion/329220/thread/e430cc12/#f398)

------
pcunite
Disable the update via:

[https://sourceforge.net/p/keepass/discussion/329220/thread/a...](https://sourceforge.net/p/keepass/discussion/329220/thread/a7ea7b6c/)

------
dmoy
Well I'm glad I switched off of keepass awhile back.

Anyone know any good password managers that have web login and support U2F?
Lastpass does not :(

~~~
wtbob
I just use a gpg-encrypted org-mode file (I can transparently decrypt it with
emacs). It's remarkably convenient, and I don't have to worry about software
going out of support.

~~~
dmoy
Yea I used to do something similar, but I'm really looking for something with
web support...

------
jackson_1
The indirect costs of switching to HTTPS (like lost advertisement revenue)
make it a inviable solution

This doesn't entirely make sense. I'm sure it's possible to serve adverts on a
HTTPS page, and let's encrypt is hardly expensive

~~~
eightysix_four
> I'm sure it's possible to serve adverts on a HTTPS page

Yes, you can, but you lose a tremendous amount of ad revenue and a number of
ad providers _still_ don't support HTTPS.

~~~
AjithAntony
Is this becuase all the third party assets and scripts would need to be HTTPS
as well? If they weren't then you get that browser warning about mixed
content?

------
jbob2000
It's free software; You have no right to complain or dictate priorities when
you aren't paying for it. You aren't the customer, KeePass 2 advertisers are.

Use 1password and pay $5 a month if you want the right to complain.

~~~
cyphar
> It's free software;

It is not free software, it's proprietary. Please don't use the phrase "free
software" in this context, as it confuses people. It has a very specific
meaning in the context of software.

~~~
0x4a42
On the homepage it says: "KeePass is really free, and more than that: it is
open source (OSI certified). You can have a look at its full source and check
whether the encryption algorithms are implemented correctly.".

Why do you say it's proprietary?

~~~
cyphar
Ah sorry, I was wrong. I thought that KeePass was proprietary and that
KeePassX was a free software replacement. :P

