KeyPass does not securely handle credential storage

Question

KeyPass does not securely handle credential storage

Closed this issue a year ago · 4 comments

Describe the bug

Hi there, always great to see more Apps making use of F-Droid! I thought I'd take a quick look due to the popularity.

I believe KeyPass in it's current status does not meet the security standards of other password managers or the recommendations by organisations such as OWASP and MITRE. This project should probably contain a warning on usage and details on encryption mechanisms so users can make an informed choice on on how their sensitive data is protected.

Issues

The current database (storing passwords) and shared preferences (storing the login password) are are not encrypted and thus accessible in plaintext to potential attackers without logging in.
Database backups use a static IV of: private val iV = byteArrayOf(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) and when encrypted this results in a more predictable and potentially vulnerable exported backup.

To Reproduce

Steps to reproduce the behavior:

Download source code.
Build and then run on an emulator or real device with debugging enabled.
Open KeyPass then create a password to access.
Create a few example accounts.
Run adb shell "run-as com.yogeshpaliyal.keypass cat /data/data/com.yogeshpaliyal.keypass/databases/KeyPass-wal" > data.db to save the Write Ahead Log file containing the most recent changes to the DB.
cat data.db

Leak of login password

Leak of accounts

Recommendations

Enhance and fix the current storage mechanisms referring to the Android MASTG recommendations: https://github.com/OWASP/owasp-mastg/blob/master/Document/0x05d-Testing-Data-Storage.md

Answer 1 · 2023-06-24T12:46:51.000Z

Thanks @BenEdridge for raising this, will address these ASAP

Answer 2 · 2023-07-23T05:50:42.000Z

@BenEdridge Security has been improved in the latest version, can you verify once, thanks once again for raising this. ❤️

Answer 3 · 2023-07-23T11:20:26.000Z

Hi @yogeshpaliyal I've taken a quick look. Much better than before but one issue I raised still remains.

Static IV use (This should be generated with secure random number generator) and stored alongside encrypted data. Then extracted and used during decryption.

common/src/main/java/com/yogeshpaliyal/common/dbhelper/EncryptionHelper.kt
32:    private val iV = byteArrayOf(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)

Additionally, user chosen passwords (Weak passwords quite often) should be used to derive a more secure encryption key using PBKDF2 or Argon2 (Similar to what 1Password and Bitwarden does).

User password -> PBKDF2/Argon2 -> Database Encryption/Database Backup Encryption

Answer 4 · 2023-07-23T11:23:05.000Z

Sure will look into this, thanks