Over the last two weeks, we’ve seen a series of articles talking up what’s been described as a “master password crack” in the popular open-source password manager KeePass.

The bug was considered important enough to get an official US government identifier (it’s known as CVE-2023-32784, if you want to hunt it down), and given that the master password to your password manager is pretty much the key to your whole digital castle, you can understand why the story provoked lots of excitement.

The good news is that an attacker who wanted to exploit this bug would almost certainly need to have infected your computer with malware already, and would therefore be able to spy on your keystrokes and running programs anyway.

As the discloser of the bug takes care to point out:

> If you use full disk encryption with a strong password and your system is off, you should be fine. No one can steal your passwords remotely over the internet with this finding alone.

In other words, the bug can be considered an easily-managed risk until the creator of KeePass comes out with an update, which should appear soon (at the beginning of June 2023, apparently).

Heavily summarised, the bug boils down to the difficulty of ensuring that all traces of confidential data are purged from memory once you’ve finished with them.

We’ll ignore here the problems of how to avoid having secret data in memory at all, even briefly.

In this article, we just want to remind programmers everywhere that code approved by a security-conscious reviewer with a comment such as “appears to clean up correctly after itself”…

…might in fact not clean up fully at all, and the potential data leakage might not be obvious from a direct study of the code itself.

Simply put, the CVE-2023-32784 vulnerability means that a KeePass master password might be recoverable from system data even after the KeePass program has exited, because sufficient information about your password (albeit not actually the raw password itself, which we’ll focus on in a moment) might get left behind in system swap or sleep files, where allocated system memory may end up saved for later.

On a Windows computer where BitLocker isn’t used to encrypt the hard disk when the system is turned off, this would give a crook who stole your laptop a fighting chance of booting up from a USB or CD drive, and recovering your master password even though the KeePass program itself takes care never to save it permanently to disk.

A long-term password leak in memory also means that the password could, in theory, be recovered from a memory dump of the KeePass program, even if that dump was grabbed long after you’d typed the password in, and long after KeePass itself had no more need to keep it around.

Clearly, you should assume that malware already on your system could recover almost any typed-in password via a variety of real-time snooping techniques, as long as it was active at the time you did the typing.

But you might reasonably expect that your time exposed to danger would be limited to the brief period of typing, not extended to many minutes, hours or days afterwards, or perhaps longer, including after you shut your computer down.

We therefore thought we’d take a high-level look at how secret data can get left behind in memory in ways that aren’t directly obvious from the code.

Don’t worry if you aren’t a programmer – we’ll keep it simple, and explain as we go.

We’ll start by looking at memory use and cleanup in a simple C program that simulates entering and temporarily storing a password by doing the following:

- Allocating a dedicated chunk of memory specially to store the password.
- Inserting a known text string so we can easily find it in memory if needed.
- Appending 16 pseudo-random 8-bit ASCII characters from the range A-P.
- Printing out the simulated password buffer.
- Freeing up the memory in the hope of expunging the password buffer.

Greatly simplified, the C code might look something like this, with no error checking, using poor-quality pseudo-random numbers from the C runtime function rand(), and ignoring any buffer overflow checks (never do any of this in real code!):

```c
// Copy in fixed string we can recognise in RAM

// Append 16 pseudo-random ASCII characters
for (int i = 1; i
```

The program was compiled with Paul Ducklin’s cut-down build of the Tiny C Compiler:

```
petcc64 -stdinc -stdlib unl1.c
Tiny C Compiler - Copyright (C) 2001-2023 Fabrice Bellard
Stripped down by Paul Ducklin for use as a learning tool
Version petcc64-0.9.27 - Generates 64-bit PEs only
```
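The leak the article describes, as an added example that is not Ducklin’s code: a simulated password (marker plus 16 characters from A-P) is built in a block carved from a toy arena that stands in for process RAM, the block is freed without being wiped, and the arena is then searched for the marker the way you would search a memory dump or swap file. The arena, the toy allocator and the marker string are constructed for this example; the wipe calls memset() through a volatile function pointer so the compiler cannot discard it as a dead store before free().

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for process RAM, i.e. what a memory dump or a swap
 * file would capture. The toy allocator slices it up, and its free() leaves
 * the bytes untouched, which is all the real free() promises as well. */
#define ARENA_SIZE 256
static unsigned char arena[ARENA_SIZE];
static size_t arena_used;

static void *toy_malloc(size_t n) {
    void *p = arena + arena_used;
    arena_used += n;
    return p;
}
static void toy_free(void *p) { (void)p; }  /* contents deliberately kept */

#define MARKER "MARKER:"  /* constructed; not the article's fixed string */

/* Simulated password: recognisable marker + 16 pseudo-random chars A-P. */
static void make_password(char *buf) {
    size_t n = strlen(MARKER);
    strcpy(buf, MARKER);
    for (int i = 0; i < 16; i++)
        buf[n + i] = (char)('A' + rand() % 16);
    buf[n + 16] = '\0';
}

/* memset() reached through a volatile pointer: the compiler cannot prove
 * the cleared bytes are never read again, so it cannot drop the store. */
static void *(*volatile secure_memset)(void *, int, size_t) = memset;

/* Returns 1 if the marker can still be found anywhere in "RAM" after free,
 * which is exactly what a search of a memory dump or swap file would do.
 * marker_survives(0) returns 1 (plain free), marker_survives(1) returns 0. */
int marker_survives(int wipe_before_free) {
    memset(arena, 0, ARENA_SIZE);
    arena_used = 0;
    char *pwd = toy_malloc(32);
    make_password(pwd);
    if (wipe_before_free)
        secure_memset(pwd, 0, 32);
    toy_free(pwd);
    for (size_t i = 0; i + strlen(MARKER) <= ARENA_SIZE; i++)
        if (memcmp(arena + i, MARKER, strlen(MARKER)) == 0)
            return 1;
    return 0;
}
```

The same scan run against real process memory would also turn up any copies the program made along the way (string conversions, UI buffers, log lines), which is why wiping the one buffer you allocated is necessary but not sufficient.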