Security Issues


Potential security issues and their status/analysis.

This page lists various potential security issues that have been reported and their status/analysis (whether the claims are valid, whether an issue is fixed, etc.).


Header Authentication

Problem. In their paper 'On The Security of Password Manager Database Formats', P. Gasti and K. B. Rasmussen have presented attacks on the KDB and KDBX file formats based on unauthenticated header data. For KDB, this issue has allowed silent data removal attacks. For KDBX, the issue has allowed silent data corruption attacks. Both were minor security issues (confidentiality was not compromised).

Status. Header data authentication has been introduced for both KDB and KDBX in KeePass 1.24 and 2.20 in order to prevent these attacks. See also the release notes for KeePass 1.24 and 2.20 (Header Authentication). P. Gasti and K. B. Rasmussen published their paper in a responsible disclosure process, and the defenses in KeePass had been implemented before the issues were presented to the public.
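To make the issue class concrete, the following is an added illustration (not KeePass code and not the KDB/KDBX format) of a toy encrypted container whose header carries the key-derivation parameters. Without a MAC over the header, a modified header is acted upon and the reader returns silently corrupted data; with an HMAC keyed from the master key, the modification is detected before anything is decrypted. The KDF, keystream, file layout and the `tamper_header` helper are all constructed for this example.

```python
import hashlib
import hmac
import struct

# Constructed toy container, added to illustrate the problem class described
# above; it is NOT the KDB/KDBX file format. Layout:
#   header = rounds (4 bytes) || salt (16 bytes) [|| header MAC (32 bytes)]
#   body   = plaintext XOR keystream(key derived from password, salt, rounds)
ROUNDS = 1000
SALT = bytes(range(16))  # constructed and fixed so the example is reproducible
HEADER_FIELDS_LEN = 20
MAC_LEN = 32


def derive_key(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Toy iterated-hash KDF (illustration only, not KeePass's key transformation)."""
    key = password
    for _ in range(rounds):
        key = hashlib.sha256(salt + key).digest()
    return key


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy counter-mode keystream built from SHA-256; the same call encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def header_mac(key: bytes, header_fields: bytes) -> bytes:
    """HMAC over the header fields, keyed with a value derived from the master key."""
    mac_key = hashlib.sha256(b"header-auth" + key).digest()
    return hmac.new(mac_key, header_fields, hashlib.sha256).digest()


def pack(password: bytes, plaintext: bytes, authenticate: bool, salt: bytes = SALT) -> bytes:
    """Writes the container, with or without header authentication."""
    fields = struct.pack(">I", ROUNDS) + salt
    key = derive_key(password, salt, ROUNDS)
    header = fields + (header_mac(key, fields) if authenticate else b"")
    return header + keystream_xor(key, plaintext)


def unpack(password: bytes, blob: bytes, authenticate: bool) -> bytes:
    """Reads the container. Without authentication the header is trusted as-is;
    with it, a modified header is rejected before the body is touched."""
    fields = blob[:HEADER_FIELDS_LEN]
    rounds, = struct.unpack(">I", fields[:4])
    salt = fields[4:]
    key = derive_key(password, salt, rounds)
    pos = HEADER_FIELDS_LEN
    if authenticate:
        stored = blob[pos:pos + MAC_LEN]
        if not hmac.compare_digest(stored, header_mac(key, fields)):
            raise ValueError("header authentication failed: file was modified")
        pos += MAC_LEN
    return keystream_xor(key, blob[pos:])


def tamper_header(blob: bytes) -> bytes:
    """Flips one bit of the salt, i.e. of unencrypted header data."""
    b = bytearray(blob)
    b[10] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    pw, secret = b"correct horse", b"user=alice;pass=hunter2"  # constructed
    plain = pack(pw, secret, authenticate=False)
    # Unauthenticated header: garbage comes back and nothing is noticed.
    print(unpack(pw, tamper_header(plain), authenticate=False) == secret)
    signed = pack(pw, secret, authenticate=True)
    try:
        unpack(pw, tamper_header(signed), authenticate=True)
    except ValueError as e:
        print(e)
```

In this toy a wrong master password also fails the header check, because the MAC key is derived from it; a real format would distinguish the two cases. The point illustrated is that no header field is acted upon before its integrity has been verified.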


MemUtil.ArraysEqual Susceptible to Timing Attack

Problem. It has been reported that the method MemUtil.ArraysEqual is susceptible to a timing side-channel attack.

Analysis. The time required by MemUtil.ArraysEqual indeed depends on the data, but this is irrelevant. In a timing side-channel attack, an attacker analyzes the time that a cryptographic system requires to perform some operation and tries to deduce secret information from it. For KeePass, this is not applicable. KeePass is a desktop application and does not feature any server capabilities (in particular, no automatic database opening can be triggered externally). If there is spyware on the PC that KeePass is running on, there are far easier and more efficient ways for the spyware to steal passwords from KeePass than a timing side-channel attack (see also the section Specialized Spyware on the security page).
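As an added illustration of what the report refers to (not KeePass code), the following compares an early-exit array comparison with a constant-time one. Instead of measuring wall-clock time, which is noisy, each function returns how many bytes it inspected, which makes the data dependence visible: the early-exit version stops at the first differing byte, the constant-time version always touches every byte. `hmac.compare_digest` is the standard-library equivalent. As the analysis above notes, such a difference only matters where an attacker can submit inputs and observe timings remotely, e.g. a server verifying MACs, which is not KeePass's situation.

```python
import hmac


def arrays_equal_early_exit(a: bytes, b: bytes):
    """Naive comparison: returns (equal, bytes_inspected). It stops at the first
    mismatch, so the work done depends on where the inputs first differ."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1
    return True, len(a)


def arrays_equal_constant_time(a: bytes, b: bytes):
    """Constant-time comparison: ORs the XOR of every byte pair into an accumulator
    and only looks at the result at the end, so every byte is always inspected.
    (CPython adds its own timing noise; the structure is what matters here.)"""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)


def arrays_equal_stdlib(a: bytes, b: bytes) -> bool:
    """The standard-library constant-time comparison."""
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    expected = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed MAC value
    candidates = (b"\x01" + expected[1:], expected[:-1] + b"\x01", expected)
    for guess in candidates:
        print(arrays_equal_early_exit(expected, guess),
              arrays_equal_constant_time(expected, guess))
```

For the three candidates above the early-exit function reports 1, 16 and 16 bytes inspected, while the constant-time function reports 16 every time.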


KeeFarce

KeeFarce is not an attack (and the tool's developer nowhere declares it to be an attack or a threat).

KeeFarce extracts information from a running KeePass process (with an open database) using a rather complicated method (DLL injection). There are much simpler ways to achieve that. For example, a tool could send simulated keypresses to the KeePass window to export the data to a file (e.g. press Alt+F, E, Tab, Space, ...). Before that, a screenshot could be created and displayed above all windows in order to hide this procedure (and a user probably would not notice a screen freeze of one second). Alternatively, imagine a tool that captures your master password (keylogger) and your database file.

The actual problem here is running specialized spyware (as the same user and with the same rights, as KeeFarce assumes). If you are doing this, all is lost. An application cannot protect itself in such a case; all modern PC operating systems (Windows, Linux, ...) intentionally allow applications to manipulate other applications on the same level. See also the section Specialized Spyware on the security page.

Protections against generic (non-specialized) spyware can sometimes be implemented. For example, Two-Channel Auto-Type Obfuscation (TCATO) is a way to protect auto-typed data from keyloggers, the secure desktop protects your master password from some keyloggers, secure edit controls protect against password control spies, and so on. These protections only work against specific classes of generic spyware. For example, while TCATO protects against keyloggers, spyware that is both a keylogger and a clipboard spy at the same time renders TCATO useless. Again, the actual problem is running spyware, not any insufficient protections. There is no protection against spyware that monitors everything and is allowed to do everything, except not running the spyware in the first place. Protections like TCATO might save you if you happen to run some non-advanced spyware, but they are not a license for running arbitrary spyware.

Neither KeePass nor any other password manager can magically run securely in a spyware-infected, insecure environment. Users still are responsible for the security of their PC. Do use anti-virus software, keep security-critical software up-to-date, use a proper firewall, only run software from trusted sources, do not open unknown e-mail attachments, etc.


Automatic Update Vulnerability

There have been some articles about automatic KeePass updates being vulnerable. This section clarifies the situation and its resolution.

First of all, we would like to note that KeePass cannot update itself. KeePass does support checking for updates (optional; by downloading a version information file, comparing the available with the installed version number, and displaying a notification if necessary). However, it neither downloads nor installs any new version automatically. Users have to do this manually.

KeePass can be downloaded from many servers (SourceForge with its many mirror servers, FossHub, etc.). In order to make sure that the downloaded file is official, users should check whether the file is digitally signed (Authenticode; all KeePass binaries are signed, including the installer, KeePass.exe and all other EXE and DLL files). The digital signature can be checked using Windows Explorer by right-clicking the file -> 'Properties' -> tab 'Digital Signatures' (the expected signer name is 'Open Source Developer, Dominik Reichl'). When running the installer, the UAC dialog displays the digital signature information, i.e. users who carefully read the UAC dialog do not have to inspect the file properties separately. This is recommended for all users, independent of where you download KeePass from.

The KeePass website links to SourceForge for downloading KeePass. However, even if SourceForge (or the KeePass website) is compromised and serves a malicious download, users who check the digital signature will notice the attack and will not run the malware. Note that HTTPS cannot prevent an attack via a compromise of the download server; checking the digital signature does.

The version information file is downloaded from the KeePass website over HTTP. Thus a man in the middle (someone who can intercept your connection to the KeePass website) could have returned an incorrect version information file, possibly making KeePass display a notification that a new KeePass version is available. However, the next steps (downloading and installing the new version) must be carried out by the user manually, and here users who check the digital signature will notice the attack.

Resolution. In order to prevent a man in the middle from making KeePass display incorrect version information (even though this does not imply a successful attack, see above), the version information file is now digitally signed (using RSA-4096 and SHA-512). KeePass 2.34 and higher only accept such a digitally signed version information file. Furthermore, the version information file is now downloaded over HTTPS.
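To show the resolution above as a flow (added example, not KeePass code; the real key, file layout and signature padding are not reproduced), the following toy publishes a version information file with an RSA signature over its SHA-512 digest, and a client that ignores any file whose signature is missing or fails to verify, and only then compares the announced version with the installed one. The key is built from two publicly known Mersenne primes so that the example runs offline with the standard library alone; it is therefore not a secure key, and textbook RSA without padding is used only for brevity. The `KeePass=<version>` line format and the `sig:` trailer are constructed for this example.

```python
import hashlib

# Toy RSA key from two publicly known Mersenne primes (2^127-1 and 2^521-1).
# NOT a secure key and NOT KeePass's key; it only lets the example run offline.
E = 65537
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q                                  # ~648 bits, larger than a SHA-512 digest
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, publisher side only


def digest_int(data: bytes) -> int:
    """SHA-512 digest of the file body as an integer."""
    return int.from_bytes(hashlib.sha512(data).digest(), "big")


def sign(data: bytes, d: int = D) -> int:
    """Textbook RSA over the digest (real deployments use PKCS#1 padding)."""
    return pow(digest_int(data), d, N)


def verify(data: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Client-side check against the embedded public key (e, n)."""
    return pow(signature, e, n) == digest_int(data)


def parse_version(s: str) -> tuple:
    """'2.34' -> (2, 34); tuples compare numerically component by component."""
    return tuple(int(part) for part in s.strip().split("."))


def publish(latest: str) -> bytes:
    """Publisher side: version information file with a signature trailer (constructed format)."""
    body = f"KeePass={latest}".encode()
    return body + b"\nsig:" + str(sign(body)).encode()


def update_available(signed_file: bytes, installed: str):
    """Client side: returns the announced version if the file is authentic and
    newer than the installed version, else None. Unsigned or tampered files are
    never acted upon, so a man in the middle cannot trigger a notification."""
    try:
        body, sig_line = signed_file.rsplit(b"\nsig:", 1)
        signature = int(sig_line.strip())
    except ValueError:
        return None                        # no signature trailer, or not a number
    if not verify(body, signature):
        return None                        # signature does not match the content
    latest = body.decode().split("=", 1)[1]
    if parse_version(latest) > parse_version(installed):
        return latest
    return None


if __name__ == "__main__":
    info = publish("2.34")
    print(update_available(info, "2.33"))                        # 2.34
    print(update_available(info.replace(b"2.34", b"9.99"), "2.33"))  # None: tampered
    print(update_available(b"KeePass=9.99", "2.33"))               # None: unsigned
```

Note the tuple-based version comparison: comparing the strings "2.34" and "2.4" lexically would get the order wrong, while `parse_version` orders them correctly.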


KeePass is OSI Certified Open Source Software. Copyright © 2003-2017 Dominik Reichl. Downloads hosted at SourceForge.net.