WP6. KeePass Password Safe


WP6 DIGIT B1 - EP Pilot Project 645
Deliverable 2: Summary of the Evaluation of Results
KeePass Password Safe
Specific contract no. 226 under Framework Contract no. DI/07172 ABCIII
October 2016

Author:

Disclaimer

The information and views set out in this publication are those of the author(s) and do not necessarily reflect the official opinion of the Commission. The content, conclusions and recommendations set out in this publication are elaborated in the specific context of the EU FOSSA project. The Commission does not guarantee the accuracy of the data included in this study. All representations, warranties, undertakings and guarantees relating to the report are excluded, particularly concerning but not limited to the qualities of the assessed projects and products. Neither the Commission nor any person acting on the Commission's behalf may be held responsible for the use that may be made of the information contained herein.

European Union, 2016. Reuse is authorised, without prejudice to the rights of the Commission and of the author(s), provided that the source of the publication is acknowledged. The reuse policy of the European Commission is implemented by a Decision of 12 December 2011.

Reuse or reproduction authorised without prejudice to the Commission's or the authors' rights.

Report Summary

Title: KeePass Password Safe
Project Owner: KeePass Community
DIGIT Sponsor: EU-FOSSA project
Author: DIGIT
Type: Public
Version: V 0.5
Version date: 10/10/2016
Reviewed by: EU-FOSSA Team
Revision date: 08/11/2016
Approved by: European Commission - Directorate-General for Informatics (DIGIT)
Approval date: To be approved
Nº Pages:

Distribution list (Name and surname / Area / Copies):
IT contacts / To be identified / To be identified
Communities / KeePass security Team / 1

Contents

CONTENTS ... 4
LIST OF TABLES ... 5
LIST OF FIGURES ... 6
ACRONYMS AND ABBREVIATIONS ... 7
1 INTRODUCTION ... 8
1.1. CONTEXT ... 8
1.2. OBJECTIVE ... 8
1.3. SCOPE ... 9
1.4. DELIVERABLES ... 10
2 EXECUTIVE SUMMARY ... 11
3 CODE REVIEW ENVIRONMENT ... 13
4 SECURITY ASSESSMENT ... 14
4.1. MEDIUM RISK FINDINGS ... 15
4.2. LOW RISK FINDINGS ... 19
4.3. INFORMATIONAL RISK FINDINGS ... 21
5 RECOMMENDATIONS ... 25
5.1. DETAILS ... 25
5.2. PRIORITISATION ...

List of Tables

Table 1: Security Assessment of CBC-VMG-008 ... 15
Table 2: Security Assessment of CBC-MEM-005 ... 15
Table 3: Security Assessment of CBC-ENV-004 ... 16
Table 4: Security Assessment of CBC-MSC-001 ... 17
Table 5: Security Assessment of CPP-MSC-001 ... 18
Table 6: Security Assessment of SCD-FWK-001 ... 19
Table 7: Security Assessment of SCD-VTY-002 ... 19
Table 8: Security Assessment of CBC-VMG-023 ... 20
Table 9: Security Assessment of EHI-EHD-002 ... 21
Table 10: Security Assessment of CPP-VMG-007 ... 22
Table 11: Security Assessment of CPP-OOP-007 ... 23
Table 12: Security Assessment of LOG-CFG-004 ... 23
Table 13: Security Assessment of CPP-VMG-008 ... 24
Table 14: Security Assessment of CPP-OOP-001 ... 24
Table 15: Controls with Findings and Recommendations/Specific Solutions ... 25

List of Figures

Figure 1: Risk Level ... 11
Figure 2: Priority levels ...

Acronyms and Abbreviations

AES: Advanced Encryption Standard
CWE: Common Weakness Enumeration
EU-FOSSA: Free and Open Source Software Auditing project
FOSS: Free and Open Source Software
IDE: Integrated Development Environment
WP: Work Package

1 INTRODUCTION

1.1. Context

The security of the applications used nowadays has become a major concern for organisations, companies and citizens in general, as they are becoming a more common part of our daily lives, and are being used for business and leisure purposes alike. The information they handle has become the most essential asset to protect, as it includes personal information, internal data, industrial property, etc. From a security point of view, this new scenario presents many new challenges that need to be addressed in order to protect the integrity and confidentiality of the data managed by the applications and their users. Furthermore, their exposure to the Internet has made them a prime target, due to the value that this private and internal information has.

One of the advantages of Free and Open-Source Software (FOSS) is that its source code is readily available for review by anyone, and therefore it virtually enables any user to check and provide new features and fixes, including security ones. Also, from a more professional point of view, it allows organisations to review the code completely and find the vulnerabilities or weaknesses that it presents, allowing for a refinement of their security and in turn a safer experience for all the users of the applications.

1.2. Objective

The objective of this document is to provide, in a summarised format, the results of the code review run on the KeePass Password Safe software. This goes with a set of recommendations focused on increasing the overall security level of the application. This review is carried out within the EU-FOSSA project, focusing on the security aspects of the software.

The objective of this code review is to examine the KeePass Password Safe software, focusing mainly on its security aspects, the risk that they pose to its users and the integrity and confidentiality of the data contained within.

KeePass is a free and open source software tool, which helps to manage passwords in a secure way. All passwords can be stored in one database, which is locked with one master key or a key file. Thus it is only necessary to remember one master password or select the key file to unlock the whole database. The databases are encrypted using the Advanced Encryption Standard (AES) and Twofish encryption algorithms.

1.3. Scope

The scope of the project is as follows:

Application name: KeePass Password Safe
Code review owner: European Commission - Directorate-General for Informatics (DIGIT)
Objective: Security Code Review
Review start: 24/08/2016
Review end: 23/09/2016
Num. Lines: 84 622
Version: 1.31
Programming language: C++
Verification level: 1-Opportunistic / 2-Standard / 3-Advanced
Libraries: MFC v 9.0 (out of the code review scope, as it is Microsoft proprietary code.)
Extensions/plugins: N/A
Services required: N/A
Result visibility: Internal / Restricted / Public
Critical notification: During assessment / final report only; Dominik Reichl (dominik.reichl@t-online.de)
Categories: Data/Input Management, Authentication Controls, Session Management, Authorisation Management, Cryptography, Error Handling / Information Leakage, Software Communications, Specific C controls, Logging/Auditing, Secure Code Design, Optimised Mode Controls, Specific C++ controls, Specific JAVA controls, Specific PHP controls

Comments: The code review of the KeePass Password Safe includes:
1. KeePass v 1.31. Since version 1.21, KeePass has been developed and compiled using Visual Studio 2008 (with MFC 9.0).

1.4. Deliverables

1. WP6 - Deliverable 1: Code Review Results Report KeePass Password Safe

2 EXECUTIVE SUMMARY

This document is a high-level report of the code review performed for the software KeePass Password Safe (version 1.31), where the assessment of the findings is explained, as well as the recommendations to improve the security of the code. For technical details please see the complete KeePass Code Review Results Report (1).

This code review has been carried out following a manual review process aided by two open-source review tools:

1. CodeLite: a Free Open-Source Integrated Development Environment (IDE) for C; it is one of the most used IDEs for C and C++, quite easy to install and use.
2. FlawFinder: a Free Open-Source code review tool developed by David A. Wheeler, an expert in Free and Open Source Software and secure software development. This tool specialises in finding security flaws in C and C++.

The assessment of the findings pointed out by the code review has been performed from the attacker's point of view, where:

- The threat is related to the attacker;
- The vulnerability is related to the potential issue that may be caused; and
- The impact is related to the consequences of the attack being successful.

From a security point of view, KeePass Password Safe can be considered mature. This fact is corroborated by checking the results:

Figure 1: Risk Level (bar chart of the number of findings per risk level: Critical 0, High 0, Medium 5, Low 3, Informational 6, as listed in Section 4)

All of the findings can be solved easily without performing complex developments, and the risk of them being exploited is either low or not possible without modifying the source code itself.

(1) See the EU-FOSSA Community on Joinup: link

Furthermore, these vulnerabilities are hard to exploit. This makes it difficult to take advantage of the vulnerabilities in normal environments. However, in custom implementations this needs to be double-checked, as oversights or changes may make these vulnerabilities directly exploitable by attackers.

It is important to note that this code review does not guarantee that all of the vulnerabilities are detected. Some security issues can remain undetected; therefore it is advisable to carry out other security tests to complement this code review.

As far as the prioritisation is concerned, it is proposed according to their criticality: medium risk findings should be resolved in the short term, low risk findings in the mid term, and the informative ones in the long term.

3 CODE REVIEW ENVIRONMENT

In order to carry out the code review and analysis, there was a need to develop a specific code review environment with the necessary tools (including both automated and manual tools).

For the manual code review, an IDE (Integrated Development Environment) was used:

CodeLite: a FOSS application that is light, user-friendly and has a high maturity level (version: 9). It is cross-platform (supporting Windows, the major Linux distributions and Mac OS). It supports the following languages: C, C++, JavaScript, PHP. One of the main reasons why it was chosen: its excellent support of C and C++ code.
Source: http://www.codelite.org/

Alongside this IDE, an automated tool was also used to help complement the findings and potential results:

FlawFinder: a FOSS automatic secure code review tool mainly focused on C and C++ code. It supports Linux and Unix-based operating systems mainly, although it can also be run on Windows when compiled using Cygwin. It is compatible with Common Weakness Enumeration (CWE), providing useful feedback on any finding. As a side note, this tool was developed by David A. Wheeler, an authority in the fields of secure software development and open-source software.
Source: http://www.dwheeler.com/flawfinder/

4 SECURITY ASSESSMENT

There were a total of 10 batches with findings in 14 controls. These controls are grouped based on their overall risk level:

Medium Risk: CBC-VMG-008, CBC-MEM-005, CBC-MSC-001, CPP-MSC-001, CBC-ENV-004
Low Risk: SCD-FWK-001, SCD-VTY-002, CBC-VMG-023
Informational Risk: LOG-CFG-004, CPP-VMG-008, CPP-OOP-001, EHI-EHD-002, CPP-VMG-007, CPP-OOP-007

After a detailed review and following an information exchange with the KeePass point of contact, it was determined that some of these findings are controlled within the code, so the risk is mitigated and they do not represent a security vulnerability. However, they are still mentioned here to be considered in future developments. These findings are: CBC-MSC-001, CBC-ENV-004, CPP-MSC-001, EHI-EHD-002, CPP-VMG-007, CPP-OOP-007.

4.1. Medium Risk Findings

Table 1: Security Assessment of CBC-VMG-008

Control: CBC-VMG-008 - Ensure that floating-point conversions are within the range of the new type
Finding: In floating-point value conversions, if the destination type is smaller than the origin, it must be verified that the value can fit in the new type.
Detections: File/s: %root%\wingui\newgui\bcmenu.cpp; Line/s: 2686, 2749
Assessment: There are no error management controls of the return method GetUpperBound(). Any errors in the type conversion must be controlled and managed. Thus the possible errors or exceptions that this function can trigger must be controlled.
Threat (): to exploit this functionality, it is necessary to have access to the code.
Vulnerability (): it is hard to find this vulnerability and to exploit it as well. It is also not publicly known.
Impact (): it can only affect local computers. The result of its occurrence is a loss of data integrity and precision.
Related vulnerability code: N/A.

Table 2: Security Assessment of CBC-MEM-005

Control: CBC-MEM-005 - Allocate sufficient memory for an object
Finding: It is necessary to guarantee that storage for strings has sufficient space available for character data and consequently to allocate sufficient memory for an object.
Detections: File/s: %root%\wingui\pwsafe.cpp; Line/s: 496
Assessment: The _tcslen function is not capable of handling strings that are not \0-terminated. If such a string is passed without \0-termination, the function will execute an over-read and potentially cause the application to crash if no further controls are in place.
Threat (): to exploit this functionality, it is necessary to have access to the code. On the other hand, this finding can be detected using automatic tools.
Vulnerability (): these functions do not have any control or filtering functionality to check the parameter received, so they can receive a non-\0-terminated string.
Impact (): it can only affect local computers.
Related vulnerability code: CWE-126.
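The two checks that Tables 1 and 2 ask for, as an added example written for this summary (not code from the report or from KeePass): a narrowing conversion from double to int that is refused when the value does not fit, and a bounded string-length routine that cannot over-read a buffer lacking a terminating \0 the way _tcslen can. Function names and the sample buffer are constructed for illustration.

```cpp
#include <cmath>
#include <cstddef>
#include <limits>

// Convert a double to int only if it is finite and representable; returns
// false (leaving `out` untouched) instead of silently truncating or overflowing.
bool to_int_checked(double value, int& out) {
    if (!std::isfinite(value)) {
        return false;                       // NaN or infinity: no valid int
    }
    // Compare as doubles so an out-of-range value is never converted first.
    const double lo = static_cast<double>(std::numeric_limits<int>::min());
    const double hi = static_cast<double>(std::numeric_limits<int>::max());
    if (value < lo || value > hi) {
        return false;                       // would not fit in the new type
    }
    out = static_cast<int>(value);          // truncation toward zero, by design
    return true;
}

// Convenience wrapper: the converted value, or `fallback` if the
// conversion was refused.
int to_int_or(double value, int fallback) {
    int out = fallback;
    to_int_checked(value, out);
    return out;
}

// Bounded length: scans at most `capacity` bytes, so a buffer without a
// terminator yields `capacity` instead of an over-read past the buffer.
std::size_t bounded_length(const char* s, std::size_t capacity) {
    std::size_t n = 0;
    while (n < capacity && s[n] != '\0') {
        ++n;
    }
    return n;
}

// Constructed sample: four bytes with no terminating \0.
const char kUnterminated[4] = {'a', 'b', 'c', 'd'};
```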

Table 3: Security Assessment of CBC-ENV-004

Control: CBC-ENV-004 - Do not call the system() function
Finding: The use of system() functions can result in exploitable vulnerabilities, allowing the execution of arbitrary system commands.
Detections: File/s and Line/s: %root%\wingui\updateinfodlg.cpp 144; %root%\wingui\pwsafedlg.cpp 627, 635, 6418, 8710; %root%\wingui\newgui\xhyperlink.cpp 596
Assessment: ShellExecute: this causes a new program to execute and it is difficult to use safely. If the path is not provided, the use of system() functions to execute a command could potentially execute the wrong application with the same filename. It is recommended to use an alternative function that controls this eventuality.
Threat (): to exploit this functionality, it is necessary to have access to the code. On the other hand, this finding can be detected using automatic tools.
Vulnerability (): these functions do not have any control or filtering functionality, and so are potentially able to execute any command passed through them.
Impact (): it can only affect local computers, therefore remote programs cannot be accessed unless previously downloaded.
Related vulnerability code: CWE-78.
This issue is controlled programmatically within the KeePass code. The issue in this case does not affect the security of the code because it is not related to the main functionality of the software (encryption). However, it is still mentioned to create awareness about it.

Table 4: Security Assessment of CBC-MSC-001

Control: CBC-MSC-001 - Do not use the rand() function to generate pseudorandom numbers
Finding: The rand() function should not be used to generate random numbers, as they are predictable due to the short cycle of numbers that it uses.
Detections: File/s and Line/s: %root%\keepasslibcpp\sysspec_windows\newrandom.cpp 74, 76, 78; %root%\wingui\util\winutil.cpp 954
Assessment: rand(): the rand() function is no longer safe, as it does not provide enough entropy to be considered apt for security applications. The use of an alternative function is recommended, such as random().
Threat (): to exploit this functionality, it is necessary to have access to the code. Furthermore, the attacker should have advanced coding and networking skills. On the other hand, this finding can be detected using automatic tools.
Vulnerability (): the weak entropy of the rand() function leads to predictable random numbers.
Impact (): it is easier to guess the random number when using this function instead of other similar ones.
Related vulnerability code: CWE-327.
This issue is controlled programmatically within the KeePass code. The issue in this case does not affect the security of the code because it is not related to the main functionality of the software (encryption). However, it is still mentioned to create awareness about this function. The usage of rand() must be ceased in future developments.

Table 5: Security Assessment of CPP-MSC-001

Control: CPP-MSC-001 - Do not use std::rand() to generate pseudorandom numbers
Finding: Using the std::rand() function could lead to predictable random numbers.
Detections: File/s: %root%\wingui\pwsafedlg.cpp; Line/s: 654
Assessment: This function is not sufficiently random for security-related functions such as key and nonce creation.
Threat (): to exploit this functionality, it is necessary to have access to the code. Furthermore, the attacker should have advanced coding and networking skills. On the other hand, this finding can be detected using automatic tools.
Vulnerability (): the weak entropy of the std::rand() function leads to predictable random numbers.
Impact (): it is easier to guess the random number when using this function instead of another similar one.
Related vulnerability code: CWE-76.
This issue is controlled programmatically within the KeePass code. The issue in this case does not affect the security of the code because it is not related to the main functionality of the software (encryption). However, it is still mentioned here to create awareness about this function. The usage of std::rand() must be ceased in future developments.

4.2. Low Risk Findings

Table 6: Security Assessment of SCD-FWK-001

Control: SCD-FWK-001 - All frameworks and third-party components are up to date
Finding: RegCreateKey: this function is provided only for compatibility with 16-bit versions of Windows. Applications should use the RegCreateKeyEx function.
Detections: File/s: %root%\wingui\pwsafe.cpp; Line/s: 328
Assessment: The use of obsolete functions is discouraged unless strictly necessary due to legacy concerns. These functions are known and easily discoverable using automated tools.
Threat (): it is publicly known and detectable, but it can only be indirectly exploited.
Vulnerability (High): deprecated functions usually have well-known flaws that can be exploited.
Impact (): it only affects a limited part of the application.
Related vulnerability code: CWE-676.

Table 7: Security Assessment of SCD-VTY-002

Control: SCD-VTY-002 - On division operations, check that the divisor does not equal zero
Finding: The size of the lpstrtext variable is not controlled against invalid or zero values.
Detections: File/s: %root%\wingui\newgui\bcmenu.cpp; Line/s: 1011
Assessment: In division operations, the values must be checked to ensure that no invalid values are operated on and that no value is divided by zero.
Threat (): the attacker needs access to the code and specific skills to exploit this vulnerability.
Vulnerability (): it is hard to find and to exploit this vulnerability, but it is a wrong coding practice.
Impact (): it only affects the cases in which the lpstrtext function returns a 0 value.
Related vulnerability code: N/A.

Table 8: Security Assessment of CBC-VMG-023

Control: CBC-VMG-023 - Do not read uninitialised memory
Finding: The sztitle variable is not initialised before accessing its content. The m_value variable is not initialised before accessing its content.
Detections: File/s: %root%\wingui\util\sendkeys.cpp; Line/s: 585
Assessment: Local, automatic variables assume unexpected values if they are read before they are initialised.
Threat (): the attacker needs to have access to specific resources and must have advanced computer skills to exploit this flaw.
Vulnerability (): it is hard to discover and to exploit.
Impact (): it can lead to unexpected behaviour when accessing the unexpected values of non-initialised variables.
Related vulnerability code: N/A.

4.3. Informational Risk Findings

Table 9: Security Assessment of EHI-EHD-002

Control: EHI-EHD-002 - Try-catch-finally block
Risk level: Informational
Finding: The finally statement should always be present, and used to release system resources and perform other clean-up actions. If any of these additional actions within the finally block can throw exceptions, these need to be captured within a new try-catch-finally block.
Detections: File/s: %root%\wingui\util\sessionnotify.; Line/s: 65
Assessment: Those programming languages that have the try-catch-finally structure have to use it correctly. The finally statement should always be present, and used to release system resources and perform other clean-up actions.
Threat (): users cannot directly take advantage of this vulnerability.
Vulnerability (): risk of memory exhaustion or of leaving a component in an undefined state.
Impact (): can cause an application to freeze or even crash.
Related vulnerability code: N/A.
This issue is controlled programmatically within the KeePass code. The issue in this case does not affect the security of the code because it is not related to the main functionality of the software (encryption). However, it is still mentioned to create awareness about it.
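C++ has no finally statement, so the release-on-every-exit behaviour that Table 9 calls for is normally obtained with an RAII guard. The following is an added illustration for this summary (not code from the report or from KeePass): the guard's destructor runs the cleanup whether the block exits normally or by an exception, and it contains exceptions thrown by the cleanup itself, which is the "new try-catch" the finding mentions. The handler and its release counter are constructed for the example.

```cpp
#include <functional>
#include <stdexcept>
#include <utility>

// Runs the supplied cleanup when the enclosing scope is left, by any path.
class ScopeGuard {
public:
    explicit ScopeGuard(std::function<void()> cleanup)
        : cleanup_(std::move(cleanup)) {}
    ScopeGuard(const ScopeGuard&) = delete;
    ScopeGuard& operator=(const ScopeGuard&) = delete;
    ~ScopeGuard() noexcept {
        // A cleanup that throws during stack unwinding would terminate the
        // process, so its exceptions are caught here, as the finding requires.
        try {
            cleanup_();
        } catch (...) {
        }
    }

private:
    std::function<void()> cleanup_;
};

// Simulates a session-notification handler: acquire, do work, release.
// Returns how many times the release ran; a correct handler returns 1
// whether or not the work threw.
int handle_with_cleanup(bool fail) {
    int released = 0;
    try {
        ScopeGuard guard([&released] { ++released; });   // release on exit
        if (fail) {
            throw std::runtime_error("work failed");
        }
        // normal path: guard releases when this block ends
    } catch (const std::runtime_error&) {
        // error handled; the guard has already released the resource
    }
    return released;
}
```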

Table 10: Security Assessment of CPP-VMG-007

Control: CPP-VMG-007 - Guarantee that container indexes/iterators are within a valid range
Risk level: Informational
Finding: The pos variable, used to access array positions, is manually incremented, and no range controls are in place to ensure that the value remains valid and within bounds. A misuse of this variable can lead to improper behaviour, even a program crash.
Detections: File/s: %root%\keepasslibcpp\details\pwfileimpl.cpp; Line/s: 4, 9, 305
Assessment: Ensuring that array references are within the bounds of the array is almost entirely the responsibility of the programmer when using Standard Template Library vectors.
Threat (): the index used to go through the array is not commonly obtained from direct user input.
Vulnerability (): the lack of length control can be exploited to cause a lack of memory or even a crash of the application.
Impact (): it would only affect a section of the code and it would be complex for it to cause severe damage.
Related vulnerability code: N/A.
This issue is controlled programmatically within the KeePass code. The issue in this case does not affect the security of the code because it is not related to the main functionality of the software (encryption). However, it is still mentioned to create awareness about it.
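The range control that Table 10 describes, as an added example for this summary (not code from the report or from KeePass): a reader whose position index is checked before every advance, parsing a constructed length-prefixed record of the kind a file importer walks through. A declared field length that exceeds the remaining bytes is rejected rather than indexed. The record layout, class and function names are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Cursor over a byte buffer; `pos_` can never exceed `data_.size()`.
class BoundedReader {
public:
    explicit BoundedReader(const std::vector<std::uint8_t>& data) : data_(data) {}

    // Little-endian 32-bit read; false if fewer than 4 bytes remain.
    bool read_u32(std::uint32_t& out) {
        if (data_.size() - pos_ < 4) return false;
        out = 0;
        for (int i = 0; i < 4; ++i) {
            out |= static_cast<std::uint32_t>(data_[pos_ + i]) << (8 * i);
        }
        pos_ += 4;
        return true;
    }

    // Length-prefixed field: u32 length, then that many bytes. The length
    // is validated against the bytes actually left before it is used.
    bool read_field(std::string& out) {
        std::uint32_t len = 0;
        if (!read_u32(len)) return false;
        if (data_.size() - pos_ < len) return false;   // truncated input
        out.assign(data_.begin() + pos_, data_.begin() + pos_ + len);
        pos_ += len;
        return true;
    }

    std::size_t position() const { return pos_; }

private:
    const std::vector<std::uint8_t>& data_;
    std::size_t pos_ = 0;
};

// Parses exactly `expected` fields; false on any bounds failure.
bool parse_fields(const std::vector<std::uint8_t>& data, std::size_t expected,
                  std::vector<std::string>& out) {
    BoundedReader reader(data);
    out.clear();
    for (std::size_t i = 0; i < expected; ++i) {
        std::string field;
        if (!reader.read_field(field)) return false;
        out.push_back(field);
    }
    return true;
}

// True if `data` parses into exactly the fields in `expected`.
bool parses_to(const std::vector<std::uint8_t>& data,
               const std::vector<std::string>& expected) {
    std::vector<std::string> got;
    return parse_fields(data, expected.size(), got) && got == expected;
}

// Constructed sample: two fields, "user" and "pw", each length-prefixed.
const std::vector<std::uint8_t> kRecord = {
    4, 0, 0, 0, 'u', 's', 'e', 'r',
    2, 0, 0, 0, 'p', 'w'};

// Constructed sample whose declared length (9) exceeds the bytes present.
const std::vector<std::uint8_t> kTruncated = {9, 0, 0, 0, 'a', 'b'};
```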

Table 11: Security Assessment of CPP-OOP-007

Control: CPP-OOP-007 - Prefer special member functions and overloaded operators to C Standard Library functions
Risk level: Informational
Finding: The memset() function should not be used to initialise objects, as it may not properly initialise the value representation of the object. Improper initialisation leads to class invariants that do not apply in later uses of the object.
Detections: File/s and Line/s: %root%\wingui\newgui\btnst.cpp 503; %root%\wingui\newgui\cbmenu.h 71
Assessment: Several C standard library functions perform byte-wise operations on objects.
Threat (): the attacker needs special access or specific resources and must have advanced coding skills to exploit this flaw.
Vulnerability (): it is hard to find and to exploit this vulnerability.
Impact (): the improper initialisation leads to class invariants that do not apply in later uses of the object. It can lead to an application malfunction.
Related vulnerability code: N/A.
This issue is controlled programmatically within the KeePass code. The issue in this case does not affect the security of the code because it is not related to the main functionality of the software (encryption). However, it is still mentioned to create awareness about it.

Table 12: Security Assessment of LOG-CFG-004

Control: LOG-CFG-004 - Logging exceptions
Risk level: Informational
Finding: There is no logging functionality implemented in the catch() block; therefore any exception captured is not logged, nor is any trace of this event recorded.
Detections: File/s: %root%\keepasslibcpp\details\pwfindimpl.cpp; Line/s: from 51 to 60
Assessment: Exceptions must be logged in a proper manner in case they are not to be thrown.
Threat (): users cannot directly take advantage of this vulnerability.
Vulnerability (): it is hard to discover and its exploitation is theoretical.
Impact (): its exploitation does not directly damage the system.
Related vulnerability code: N/A.
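Tables 8 and 11 are two sides of one initialisation rule, illustrated here by an added example for this summary (not code from the report or from KeePass): default member initialisers make an uninitialised read of a member such as m_value impossible, and a zeroing helper refuses at compile time to memset any type that is not trivially copyable, so the misuse in Table 11 cannot compile. The PlainRect and MenuItem types are constructed stand-ins for the kinds of objects involved.

```cpp
#include <cstring>
#include <string>
#include <type_traits>
#include <utility>

// Plain data, like a Win32 struct: zeroing it byte-wise is legitimate.
struct PlainRect {
    int left = 0, top = 0, right = 0, bottom = 0;
};

// A class with a std::string member: memset would wreck the string's
// internal representation, so it is initialised only by its constructors.
class MenuItem {
public:
    MenuItem() = default;                 // members take their initialisers
    explicit MenuItem(std::string title) : title_(std::move(title)) {}
    int value() const { return m_value_; }
    const std::string& title() const { return title_; }

private:
    int m_value_ = 0;        // never read uninitialised (cf. Table 8)
    std::string title_;      // empty, never garbage
};

// Zero an object in place. The static_assert turns the Table 11 misuse
// into a compile error instead of a silently broken class invariant.
template <typename T>
void zero_object(T& obj) {
    static_assert(std::is_trivially_copyable<T>::value,
                  "memset is only valid for trivially copyable types");
    std::memset(&obj, 0, sizeof(T));
}

// A rect can be zeroed: all four fields end up 0.
int zeroed_rect_sum() {
    PlainRect r{1, 2, 3, 4};
    zero_object(r);
    return r.left + r.top + r.right + r.bottom;
}

// A default-constructed MenuItem is fully initialised without memset.
bool default_item_is_initialised() {
    MenuItem item;
    return item.value() == 0 && item.title().empty();
}

// Whether a type may be passed to zero_object at all.
bool rect_is_memset_safe() { return std::is_trivially_copyable<PlainRect>::value; }
bool item_is_memset_safe() { return std::is_trivially_copyable<MenuItem>::value; }
```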

Table 13: Security Assessment of CPP-VMG-008

Control: CPP-VMG-008 - Guarantee that library functions do not form invalid iterators
Risk level: Informational
Finding: Memory operations: memory operations done using memcpy are used several times without checking the size of the source and destination. The function does not verify that the destination container is able to hold the element to be copied via memcpy().
Detections: File/s: %root%\wingui\addentrydlg.cpp; Line/s: 1071
Assessment: Copying data into a container that is not large enough to hold the original data will result in a buffer overflow.
Threat (): the code would need to be modified directly in order to exploit this vulnerability, although it is discoverable with automated tools.
Vulnerability (): this vulnerability entails the known risk of losing the integrity of the memory locations being managed within the function (or those accessed by it).
Impact (): it is complex to exploit this vulnerability, but the lack of a size control for arrays in the code can result in an overflow.
Related vulnerability code: N/A.

Table 14: Security Assessment of CPP-OOP-001

Control: CPP-OOP-001 - Do not invoke virtual functions from constructors or destructors
Risk level: Informational
Finding: CShutdownBlocker is declared as a virtual function in the header file.
Detections: File/s: %root%\wingui\util\shutdownblocker.cpp; Line/s: 60
Assessment: A virtual function is invoked from a constructor within an inherited class. Attempting to call a derived-class function from a base class under construction is dangerous: the derived class has not had the opportunity to initialise its resources, which is why calling a virtual function from a constructor does not result in a call to a function in a more derived class.
Threat (): it needs special access and skills to get to the vulnerability.
Vulnerability (): it is hidden and hard to exploit.
Impact (): it can lead to unexpected behaviour.
Related vulnerability code: N/A.
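Added example for Tables 13 and 14 (written for this summary; not code from the report or from KeePass). The first part puts a size check in front of memcpy so that a source larger than the destination is refused instead of overflowing it. The second part shows why the constructor call in Table 14 does not reach the derived override and the two-phase initialisation that does. The Blocker and ShutdownBlocker classes are constructed stand-ins modelled loosely on the class named in the finding, not its real code.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Copies at most `dst_capacity` bytes; returns false and copies nothing
// when the source would not fit, so the destination cannot overflow.
bool copy_bounded(void* dst, std::size_t dst_capacity,
                  const void* src, std::size_t src_size) {
    if (src_size > dst_capacity) {
        return false;                       // caller must handle the refusal
    }
    std::memcpy(dst, src, src_size);
    return true;
}

// Constructed check: store a C string (with its \0) in an 8-byte field.
bool store_in_field(const char* s) {
    char field[8];
    return copy_bounded(field, sizeof field, s, std::strlen(s) + 1);
}

// The Table 14 pattern: a base constructor calls a virtual. While the base
// constructor runs, the object's dynamic type is still Base, so the base
// version is what actually executes.
class Blocker {
public:
    Blocker() { seen_in_ctor_ = reason(); }           // virtual call in ctor
    virtual ~Blocker() = default;
    virtual std::string reason() const { return "base"; }
    std::string seen_in_ctor() const { return seen_in_ctor_; }

    // Two-phase fix: virtuals are only called once the full object exists.
    void init() { seen_after_init_ = reason(); }
    std::string seen_after_init() const { return seen_after_init_; }

private:
    std::string seen_in_ctor_;
    std::string seen_after_init_;
};

class ShutdownBlocker : public Blocker {
public:
    std::string reason() const override { return "saving database"; }
};

// What the base constructor observed: "base", despite the override.
std::string observed_in_ctor() {
    ShutdownBlocker b;
    return b.seen_in_ctor();
}

// What the post-construction init observed: the derived override.
std::string observed_after_init() {
    ShutdownBlocker b;
    b.init();
    return b.seen_after_init();
}
```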

5 RECOMMENDATIONS

5.1. Details

The code review has evaluated the security level of the application analysed and identified vulnerabilities and weaknesses that can put it at risk. In this section, a corresponding recommendation is given for each finding to help increase the overall security level of the application. Table 15 shows the recommendations that should be implemented for each of the findings described and assessed in Section 4.

Table 15: Controls with Findings and Recommendations/Specific Solutions

Controls with Findings   Recommendation/Specific Solution

CBC-VMG-008   R01_CBC-VMG-008
Recommendation: There must be a control within the code to check the return value of the GetUpperBound method in order to manage possible errors or exceptions.

CBC-MEM-005   R02_CBC-MEM-005
The _tcslen function is not capable of handling strings that are not \0-terminated. The code must have controls to ensure that the string is passed with \0-termination, or add \0 at the end of the string if necessary.

CBC-ENV-004   R03_CBC-ENV-004
This issue is controlled programmatically within the KeePass code. Before deciding to change it, one must take into account the risk of adding more complexity to the code, and ensure that the mitigation of the risk that is provided via the code is maintained. Where more control is required on what will be executed, use ShellExecuteEx instead of ShellExecute. ShellExecuteEx provides additional functionality. If you don't require any of the functionality provided by ShellExecuteEx, keep it simple and stick with ShellExecute.

Controls with Findings   Recommendation/Specific Solution

CBC-MSC-001   R04_CBC-MSC-001
This issue is controlled programmatically within the KeePass code. The issue in this case does not affect the security of the code because it is not related to the main functionality of the software (encryption). However, it is still mentioned to create awareness about this function and as an informational issue. The usage of rand() must be ceased in future developments. Before deciding to change it, one must take into account the risk of adding more complexity to the code, and ensure that the mitigation of the risk that is provided via the code is maintained.
Recommendation: The rand() function does not provide enough entropy. The usage of other functions such as random() is recommended.

CPP-MSC-001   R05_CPP-MSC-001
This issue is controlled programmatically within the KeePass code. The issue in this case does not affect the security of the code at all because it is not related to the crucial functionality of the software (encryption). However, it is still mentioned to create awareness about this function and as an informational issue. The usage of std::rand() must be ceased in future developments. Before deciding to change it, one must take into account the risk of adding more complexity to the code, and ensure that the mitigation of the risk that is provided via the code is maintained.
Recommendation: The std::rand() function is not sufficiently random for security-related functions. Instead it is recommended to implement code such as:

    #include <random>

    // n is the seed value supplied by the caller; std::default_random_engine is a
    // deterministic generator, so the seed should itself come from an unpredictable
    // source such as std::random_device.
    std::default_random_engine engine;
    engine.seed(n);
    std::uniform_int_distribution<> distribution;
    auto rand = [&]() { return distribution(engine); };
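The two recommendations above (R04 and R05) state that rand() and std::rand() are unsuitable but do not show why, so the following added example (written for this edit, not taken from KeePass or from the report) makes the problem measurable: it enumerates the output of an idealised 8-bit generator reduced with the usual "value % buckets" idiom and counts the resulting bias, then draws digits through std::uniform_int_distribution driven by std::random_device. The PIN helper and its names are assumptions for illustration; std::random_device is used only as an operating-system-backed entropy source and its quality is implementation-defined, so key material still belongs to a vetted CSPRNG.

```cpp
// Added example (not KeePass code, not the report's recommended snippet): the bias of
// "value % n" and the unbiased reduction that std::uniform_int_distribution performs.
#include <cstddef>
#include <random>
#include <vector>

// Enumerates every value an n-valued uniform generator could produce and counts how
// often each bucket 0..buckets-1 is hit by "value % buckets". With 256 source values
// and 10 buckets, buckets 0..5 receive 26 hits and buckets 6..9 receive 25: the
// reduction is biased whenever buckets does not divide generatorRange.
std::vector<unsigned> moduloBucketCounts(unsigned generatorRange, unsigned buckets) {
    std::vector<unsigned> counts(buckets, 0);
    for (unsigned v = 0; v < generatorRange; ++v) {
        ++counts[v % buckets];
    }
    return counts;
}

// Draws one integer in [lo, hi] from any UniformRandomBitGenerator. The distribution
// rejects or rescales internally so every value in the range is equally likely.
template <class Urbg>
int drawInRange(Urbg& gen, int lo, int hi) {
    std::uniform_int_distribution<int> dist(lo, hi);
    return dist(gen);
}

// Fills `count` decimal digits using std::random_device (assumption: the platform's
// random_device is non-deterministic, as it is on mainstream toolchains). Returns
// false for a zero-length request so the failure is explicit rather than silent.
bool fillPinDigits(std::vector<int>& out, std::size_t count) {
    if (count == 0) return false;
    std::random_device rd;
    out.clear();
    out.reserve(count);
    for (std::size_t i = 0; i < count; ++i) {
        out.push_back(drawInRange(rd, 0, 9));
    }
    return true;
}

// Returns true when every element lies within [lo, hi]; used to check a sample.
bool allInRange(const std::vector<int>& values, int lo, int hi) {
    for (int v : values) {
        if (v < lo || v > hi) return false;
    }
    return true;
}
```

The bucket count is exact, not statistical: for a 256-valued source and 10 buckets, six buckets are hit one time more than the other four, which is the skew that std::rand() % 10 carries into anything built on it.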

Controls with Findings   Recommendation/Specific Solution

EHI-EHD-002   R06_EHI-EHD-002
This issue is controlled programmatically within the KeePass code. Before deciding to change it, one must take into account the risk of adding more complexity to the code, and ensure that the mitigation of the risk that is provided via the code is maintained.
Recommendation: The finally statement should always be present, and used to release system resources and to perform other clean-up actions. If any of these additional actions can throw exceptions, these need to be captured within a new try-catch-finally block.

SCD-FWK-001   R07_SCD-FWK-001
Specific Solution: The usage of deprecated functions is discouraged. RegCreateKey: this function is provided only for compatibility with 16-bit versions of Windows. Applications should use the RegCreateKeyEx function.

SCD-VTY-002   R08_SCD-VTY-002
Recommendation: Check the lpstrtext variable to ensure that no invalid or zero values are received.

CBC-VMG-023   R09_CBC-VMG-023
Recommendation: Always initialise variables prior to accessing their content. Otherwise this will lead to unexpected behaviour.

CPP-VMG-007   R10_CPP-VMG-007
This issue is controlled programmatically within the KeePass code. Before deciding to change it, one must take into account the risk of adding more complexity to the code, and ensure that the mitigation of the risk that is provided via the code is maintained.
Recommendation: Set controls in place to ensure that the values used in indexes or iterators remain within the valid range.

Controls with Findings   Recommendation/Specific Solution

CPP-OOP-007   R11_CPP-OOP-007
This issue is controlled programmatically within the KeePass code. Before deciding to change it, one must take into account the risk of adding more complexity to the code, and ensure that the mitigation of the risk that is provided via the code is maintained.
Recommendations: The behaviour of std::memset() can be avoided with other options. Note that std::memset may be optimised away if the object modified is not accessed again for the rest of its lifetime. Alternatives:
- Defining an assignment operator that is used instead.
- Replacing the call to this function with a default-initialised copy-and-swap operation called clear().
- Defining an equality operator that is used instead.

LOG-CFG-004   R12_LOG-CFG-004
Recommendation: Log any exception captured that will not be thrown, to have a record of the event.

CPP-VMG-008   R13_CPP-VMG-008
Recommendation: Set controls in place to ensure that the destination container can hold the element to be copied without losing memory integrity in memcpy() operations.

CPP-OOP-001   R14_CPP-OOP-001
Specific Solution: Call a non-virtual, private member function from constructors or destructors instead of calling a virtual function.
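Table 11 and recommendation R11 both concern resetting objects with memset(). The following added example (written for this edit; it is not KeePass code and the Entry type is a hypothetical stand-in) shows the two halves of the recommendation in working C++: a wrapper that allows byte-wise zeroing only for trivially copyable types and rejects anything else at compile time, and a clear() implemented as the default-initialised copy-and-swap the report suggests.

```cpp
// Added example (not KeePass code): byte-wise zeroing restricted to trivially
// copyable types, and a copy-and-swap clear() for everything else (R11).
#include <cstring>
#include <string>
#include <type_traits>
#include <utility>
#include <vector>

// std::memset is only meaningful for trivially copyable objects. A type holding a
// std::string, a std::vector or a vtable pointer fails this static_assert instead of
// having its invariants silently destroyed at run time.
template <class T>
void zeroBytes(T& object) {
    static_assert(std::is_trivially_copyable<T>::value,
                  "zeroBytes: only trivially copyable objects may be memset");
    std::memset(&object, 0, sizeof(T));
}

// A plain record header: zeroing its bytes is legitimate.
struct RecordHeader {
    unsigned int size;
    unsigned short version;
    unsigned short flags;
};

// Hypothetical entry type with non-trivial members, constructed for this example.
class Entry {
public:
    Entry() = default;
    Entry(std::string title, std::vector<unsigned char> secret, int useCount)
        : title_(std::move(title)), secret_(std::move(secret)), useCount_(useCount) {}

    // Copy-and-swap reset: a default-constructed temporary is swapped in; the old
    // contents are released by the temporary's destructor and every member is back
    // in its default state with all invariants intact.
    void clear() {
        Entry fresh;
        swap(fresh);
    }

    void swap(Entry& other) noexcept {
        using std::swap;
        swap(title_, other.title_);
        swap(secret_, other.secret_);
        swap(useCount_, other.useCount_);
    }

    const std::string& title() const { return title_; }
    const std::vector<unsigned char>& secret() const { return secret_; }
    int useCount() const { return useCount_; }

private:
    std::string title_;
    std::vector<unsigned char> secret_;
    int useCount_ = 0;
};

// Populates an entry, clears it and reports whether every member is back to default.
bool clearRestoresDefaults() {
    Entry e("bank login", std::vector<unsigned char>{0x01, 0x02, 0x03}, 7);
    e.clear();
    return e.title().empty() && e.secret().empty() && e.useCount() == 0;
}

// Zeroes a trivially copyable header and reports whether all fields became zero.
bool zeroBytesClearsHeader() {
    RecordHeader h{1024, 3, 0xFFFF};
    zeroBytes(h);
    return h.size == 0 && h.version == 0 && h.flags == 0;
}

// Compile-time facts the wrapper relies on.
static_assert(std::is_trivially_copyable<RecordHeader>::value, "header must be trivial");
static_assert(!std::is_trivially_copyable<Entry>::value, "Entry must not be memset");
```

Resetting an object and wiping a secret are different goals: clear() releases the members but, as R11 notes, a compiler may elide a memset whose target is never read again, so scrubbing key material needs a zeroing routine the optimiser cannot remove (for example SecureZeroMemory on Windows).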
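Table 13 and recommendation R13 call for a size control before memcpy() into a fixed destination. The following added example (written for this edit, not KeePass code; the FixedField layout is a hypothetical stand-in for a dialog buffer) shows a checked wrapper that refuses an oversize copy and leaves the destination untouched, plus the container form in which the destination is resized to the source so the overflow class disappears.

```cpp
// Added example (not KeePass code): size-checked memcpy for fixed buffers and a
// resize-then-copy variant for std::vector destinations (R13).
#include <cstddef>
#include <cstring>
#include <vector>

// Copies srcLen bytes into dst only when dst can hold them. Returns false and leaves
// dst untouched otherwise, so the caller must handle the failure rather than overrun.
bool copyChecked(void* dst, std::size_t dstCapacity, const void* src, std::size_t srcLen) {
    if (dst == nullptr || src == nullptr) return false;
    if (srcLen > dstCapacity) return false;      // would overflow the destination
    if (srcLen == 0) return true;
    std::memcpy(dst, src, srcLen);
    return true;
}

// Hypothetical fixed-size field; the sentinel sits right after the buffer so an
// overrun would be visible.
struct FixedField {
    unsigned char data[16];
    unsigned char sentinel;
};

// Returns true when a 24-byte source is rejected by the 16-byte destination and the
// sentinel and buffer are untouched.
bool oversizeCopyIsRejected() {
    FixedField f{};
    f.sentinel = 0xA5;
    std::vector<unsigned char> src(24, 0x41);    // constructed input: 24 bytes of 'A'
    bool ok = copyChecked(f.data, sizeof f.data, src.data(), src.size());
    return !ok && f.sentinel == 0xA5 && f.data[0] == 0;
}

// Returns true when a copy that fits succeeds and transfers exactly its bytes.
bool fittingCopySucceeds() {
    FixedField f{};
    const unsigned char src[] = {1, 2, 3, 4};
    bool ok = copyChecked(f.data, sizeof f.data, src, sizeof src);
    return ok && f.data[0] == 1 && f.data[3] == 4 && f.data[4] == 0;
}

// Container-to-container form: the destination is resized to the source before the
// copy, so there is no caller-supplied size to get wrong.
std::vector<unsigned char> copyInto(std::vector<unsigned char> dst,
                                    const std::vector<unsigned char>& src) {
    dst.resize(src.size());
    if (!src.empty()) std::memcpy(dst.data(), src.data(), src.size());
    return dst;
}
```

The check belongs at the call site that owns the destination: copyChecked() needs the real capacity (sizeof of the array, or a container's size), not the length the caller intends to copy.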
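Table 14 explains why a virtual call from a constructor never reaches the derived class, and R14 gives the fix. The following added example (written for this edit; the Blocker classes are hypothetical and only loosely modelled on the CShutdownBlocker finding, not KeePass code) records which function the base constructor actually dispatched to, then shows the R14 pattern of a private non-virtual helper with derived-class setup kept in the derived constructor.

```cpp
// Added example (not KeePass code): virtual dispatch during construction resolves to
// the base class, and the non-virtual helper pattern from R14.
#include <cstddef>
#include <string>

// Records which describe() ran so the behaviour can be checked rather than assumed.
class Blocker {
public:
    Blocker() {
        // During Blocker's constructor the dynamic type of *this is Blocker, so this
        // call reaches Blocker::describe(), never a derived override.
        calledDuringCtor_ = describe();
    }
    virtual ~Blocker() = default;
    virtual std::string describe() const { return "base"; }
    const std::string& calledDuringCtor() const { return calledDuringCtor_; }
private:
    std::string calledDuringCtor_;
};

class ShutdownBlocker : public Blocker {
public:
    ShutdownBlocker() : reason_("updating database") {}
    // Reads reason_, which does not exist yet while Blocker's constructor runs; the
    // language prevents the call from getting here, which is the surprise.
    std::string describe() const override { return "derived:" + reason_; }
private:
    std::string reason_;
};

// Returns the string the base constructor captured for a ShutdownBlocker: "base".
std::string whatBaseCtorCalled() {
    ShutdownBlocker b;
    return b.calledDuringCtor();
}

// R14 pattern: the base constructor calls a private, non-virtual helper, and the
// derived class performs its own initialisation in its own constructor.
class SafeBlocker {
public:
    SafeBlocker() { init(); }
    virtual ~SafeBlocker() = default;
    int state() const { return state_; }
private:
    void init() { state_ = 1; }           // non-virtual: no dispatch surprise
    int state_ = 0;
};

class SafeShutdownBlocker : public SafeBlocker {
public:
    SafeShutdownBlocker() : reason_("updating database") { reasonLength_ = reason_.size(); }
    std::size_t reasonLength() const { return reasonLength_; }
private:
    std::string reason_;               // fully constructed before the body runs
    std::size_t reasonLength_ = 0;
};

int safeBaseState() {
    SafeShutdownBlocker b;
    return b.state();
}

std::size_t safeDerivedState() {
    SafeShutdownBlocker b;
    return b.reasonLength();
}
```

The same rule applies in destructors: by the time the base destructor runs, the derived part has already been destroyed, so a virtual call there resolves to the base version as well.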

5.2. Prioritisation

Once the severity of the findings found during the code review has been determined, the following step in the methodology includes a prioritisation process and the definition of an action plan. This allows the stakeholders and project owners to identify the most urgent findings that need to be solved, allowing the planning of the fixes as part of the standard development cycle. For this purpose, the following priority sets have been established. The main consideration is to solve the findings identified during this code review in the short term. The low findings should be targeted in the mid-term, and finally the Informative findings do not require any priority. Thus, the following graph has been generated:

Figure 2: Priority levels

Short-term:  CBC-VMG-008, CBC-MEM-005, CBC-ENV-004, CBC-MSC-001, CPP-MSC-001
Mid-term:    SCD-FWK-001, SCD-VTY-002, CBC-VMG-023
Long-term:   EHI-EHD-002, LOG-CFG-004, CPP-VMG-007, CPP-VMG-008, CPP-OOP-001, CPP-OOP-007