Cis

19.12.2008 Chapin Information Services
www.info-svc.com/news/2008/12-12/

Google Chrome Receives Lowest Password Security Score
Safari Ties for Last Place

12/12/2008 — Google's new web browser may be fast and slim, but the password management features it offers are full of bugs. Chapin Information Services (CIS) reported critical vulnerabilities in this software during its beta period, all of which were unfixed at release time.

Among the problems are three in particular that, when combined, allow password thieves to take passwords without the user's knowledge.

1. The destination where passwords are sent is not checked.
2. The location where passwords are requested is not checked.
3. Invisible form elements can trigger password management.

A technique described and demonstrated by CIS two years ago leveraged such vulnerabilities without using client-side scripting. The implication was that an attacker need not have full control over a target server or a victim's computer to obtain a password from their web browser.

These three problems, combined with seventeen others so far identified in Chrome's password manager, form a toxic soup of potential vulnerabilities that can coalesce into broad insecurity.

Currently, the password manager that is closest to solving the first three problems is built into Opera 9.62. With invisible form elements deactivated, options to limit saved passwords to a single page, and partial destination checking, this is certainly one of the more worry-free products.

Also new to this round of testing is Safari 3.2 for Windows. Safari and Chrome are essentially tied for the worst password manager built into a major web browser. Third-party applications and plugins that were tested in July also tended to score very low overall, but still offered more inherent security than either Safari or Chrome.

For example, RoboForm, which scores much lower than Opera and Firefox, at least gives its user the comfort of knowing passwords won't be saved or transmitted without their personal attention. Used in combination with a more reliable browser, it would also be free of the broken URI parsing CIS found in both Safari and Chrome.

Take your browser for a test drive in version 2.0 of our interactive password management demonstration at the CIS website.

CIS Testing Results

| Test Performed                         | Opera 9.62 | Firefox 3.0.4 | Safari 3.2 | Internet Explorer 7.0 | Google Chrome 1.0 |
|----------------------------------------|------------|---------------|------------|-----------------------|-------------------|
| Action Authority Checked on Retrieval  | PASSED     | PASSED        | FAILED     | FAILED                | FAILED            |
| Action Authority Checked on Save       | FAILED     | PASSED        | FAILED     | FAILED                | FAILED            |
| Action Authority Raises Warnings       | FAILED     | FAILED        | FAILED     | FAILED                | FAILED            |
| Action Path Checked on Retrieval       | FAILED     | FAILED        | FAILED     | FAILED                | FAILED            |
| Action Path Checked on Save            | FAILED     | FAILED        | FAILED     | FAILED                | FAILED            |
| Action Scheme Checked on Retrieval     | PASSED     | PASSED        | FAILED     | FAILED                | FAILED            |
| Action Scheme Checked on Save          | FAILED     | PASSED        | FAILED     | FAILED                | FAILED            |
| Action Scheme Raises Warnings          | FAILED     | FAILED        | FAILED     | FAILED                | FAILED            |
| Action Scheme Prevented if Unsafe      | FAILED     | FAILED        | FAILED     | FAILED                | FAILED            |
| Autocomplete=Off Prevents Form Fills   | FAILED     | ? *           | FAILED     | FAILED                | PASSED *          |
| Invisibility Prevents Form Fills       | PASSED     | FAILED        | PASSED     | PASSED                | FAILED            |
| Method Checked on Retrieval            | FAILED     | FAILED        | FAILED     | FAILED                | PASSED            |
| Method Raises Warnings                 | FAILED     | FAILED        | FAILED     | FAILED                | FAILED            |
| Multiple Paths Per User Per Authority  | FAILED     | FAILED        | FAILED     | FAILED                | FAILED            |
| Multiple Ports Per User Per Host       | FAILED     | PASSED        | FAILED     | FAILED                | FAILED            |
| Multi. Schemes Per User Per Authority  | FAILED     | PASSED        | FAILED     | FAILED                | FAILED            |
| Page Path Checked on Retrieval         | PASSED     | FAILED        | PASSED     | FAILED                | FAILED            |
| Random Name Attr. Prevents Form Fills  | PASSED     | FAILED        | FAILED     | FAILED                | FAILED            |
| User Required for PW Retrieval         | PASSED     | FAILED        | PASSED     | FAILED                | FAILED            |
| User Required for PW Save              | FAILED     | FAILED        | PASSED     | PASSED                | FAILED            |
| Valid URIs Don't Break Anything        | PASSED     | PASSED        | PASSED     | FAILED                | FAILED            |
| Totals                                 | 7          | 7             | 5          | 2                     | 2                 |

* Google Chrome is the only PM that strictly adheres to the criteria for autocomplete by disabling itself. Firefox 3.0.4 will avoid filling a password when the page loads, but the PM remains attached to password fields for filling passwords.

Test Descriptions

Action Authority Checked on Retrieval
To pass this test, the PM must never deliver a password to a domain other than the one to which the password was delivered when it was saved. For example, if a password is saved on a self-referring form, and then automatically filled in another form that points to a different website, then the PM has failed this test.

Action Authority Checked on Save
To pass this test, the PM must never overwrite the destination domain name of a password without explicit user interaction. For example, if a password is first saved on a self-referring form, and then re-saved on a form that points to a different website, and the PM prevents the password from being filled on the original form, then the PM has failed this test. Note the implicit requirement that a PM must distinguish authorities on retrieval.

Action Authority Raises Warnings
To pass this test, the PM must warn the user if the action authority does not match the page authority. For example, if a login form at www.info-svc.com:80 points to google.com or to www.info-svc.com:81, and the PM allows a user to save or submit a password using this form without notice, then the PM has failed this test.

Action Path Checked on Retrieval
To pass this test, the PM must never deliver a password to a path other than the one to which the password was delivered when it was saved. For example, if a password is saved on a self-referring form, and then automatically filled in another form that points to a different parent directory, then the PM has failed this test.

Action Path Checked on Save
To pass this test, the PM must never overwrite the destination path of a password without explicit user interaction. For example, if a password is first saved on a self-referring form, and then re-saved on a form that points to a parent directory, and the PM prevents the password from being filled on the original form, then the PM has failed this test. Note the implicit requirement that a PM must distinguish paths on retrieval.

Action Scheme Checked on Retrieval
To pass this test, the PM must never deliver a password using a protocol other than the one by which the password was delivered when it was saved. For example, if a password is saved on a self-referring web page, and then automatically filled in another form that uses e-mail to deliver the password, then the PM has failed this test.

Action Scheme Checked on Save
To pass this test, the PM must never overwrite the destination scheme of a password without explicit user interaction. For example, if a password is first saved on an http: form, and then re-saved on a form that uses https: or mailto:, and the PM prevents the password from being filled on the original form, then the PM has failed this test. Note the implicit requirement that a PM must distinguish schemes on retrieval.

Action Scheme Raises Warnings
To pass this test, the PM must warn the user if the action scheme is potentially unsafe or does not match the page scheme. For example, if a login form uses an e-mail application that will display the password on screen, and the PM allows the user to save or submit a password using this form without notice, then the PM has failed this test.

Action Scheme Prevented if Unsafe
To pass this test, the PM must successfully abort a password delivery if requested by the user.

Autocomplete=Off Prevents Form Fills
To pass this test, the PM must never deliver a password when the autocomplete attribute is present and set to "off".

Invisibility Prevents Form Fills
To pass this test, the PM must never deliver a password using a form that is not visible. For example, if a login form is present on a web page but has its display property set to none, and the PM automatically fills the form, allowing the password to be transmitted despite being invisible, then the PM has failed this test.

Method Checked on Retrieval
To pass this test, the PM must never deliver a password using an HTTP method other than the one by which the password was delivered when it was saved. For example, if a password is saved on a form that uses POST, and then automatically filled in another form that uses GET to deliver the password, then the PM has failed this test.

Method Raises Warnings
To pass this test, the PM must warn the user if the password submission method is potentially unsafe. For example, if a login form uses GET, which causes the password to be added to the address bar, and the PM allows the user to save or submit a password using this form without notice, then the PM has failed this test.

Multiple Paths per User per Authority
To pass this test, the PM must allow a user to save different passwords in different paths of a single domain using the same user name. Note the implicit requirement that a PM must distinguish paths in both the action URI and page URI.

Multiple Ports per User per Authority
To pass this test, the PM must allow a user to save different passwords using different ports on a single domain using the same user name. Note the implicit requirement that a PM must distinguish ports in both the action URI and page URI.

Multiple Schemes per User per Authority
To pass this test, the PM must allow a user to save different passwords using different schemes on a single domain using the same user name. Note the implicit requirement that a PM must distinguish schemes in both the action URI and page URI.

Page Path Checked on Retrieval
To pass this test, the PM must never deliver a password to a path other than the one at which the password was requested when it was saved. For example, if a password is saved on a self-referring form, and then automatically filled in another form that points to the same path but is located in the parent directory, then the PM has failed this test.

Random Name Attribute Prevents Form Fills
To pass this test, the PM must never fill a password in a form field whose name attribute does not match the name of the field that was used to save the password.

User Required for Password Retrieval
To pass this test, the PM must never fill a password without explicit user interaction.

User Required for Password Save
To pass this test, the PM must never save or overwrite a password without explicit user interaction. For example, if a password is saved with a username, and then the same form is re-submitted with the same username and a different password, and the PM then fills the new password into forms instead of the original password, then the PM has failed this test.

Valid URIs Don't Break Anything
To pass this test, the PM must never submit a password to the wrong URI or fail to submit a password to a valid URI as a result of erroneous action attribute parsing. For example, if the action attribute value is "mailto:localpart@www.info-svc.com" and the PM delivers a password to "http://www.info-svc.com/mailto:localpart@www.info-svc.com", then the PM has failed this test.

© 2003-2008 by Chapin Information Services, Inc.
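As an added example (not CIS's code, nor the demonstration on its website), the following Python models the retrieval-time checks these tests describe as a single fill policy: a saved login records where and how the password was delivered, and a form is eligible for filling only when scheme, authority (with the default port normalised, so www.info-svc.com:80 equals www.info-svc.com), path, method, page path and field name all match and the form is visible and not marked autocomplete=off. SavedLogin, LoginForm and fill_blockers are assumed names; action resolution uses urllib.parse.urljoin, which keeps a mailto: action absolute rather than appending it to the page URI as the broken parsers described above did.

```python
# Added example (not CIS's code): a minimal password-manager fill policy that applies the CIS checks.
from dataclasses import dataclass
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

@dataclass
class SavedLogin:
    action: str       # absolute URI the password was delivered to when saved
    method: str       # HTTP method used on save
    page_path: str    # path of the page that requested the password on save
    field_name: str   # name attribute of the password field on save

@dataclass
class LoginForm:
    page_url: str             # URL of the page containing the form
    action_attr: str = ""     # raw <form action="..."> value ("" = self-referring)
    method: str = "POST"
    field_name: str = "password"
    visible: bool = True      # False models display:none
    autocomplete: str = ""    # value of the autocomplete attribute, if any

def resolve_action(page_url, action_attr):
    """Resolve the action like a browser: relative to the page, but an absolute
    URI such as mailto: keeps its own scheme (the CIS 'Valid URIs' test)."""
    return urlsplit(urljoin(page_url, action_attr))

def authority(uri):
    # (host, port) with the scheme's default port filled in, so host:80 equals host
    return (uri.hostname, uri.port or DEFAULT_PORTS.get(uri.scheme))

def fill_blockers(saved, form):
    """Reasons a PM must NOT fill `saved` into `form`; [] means the destination
    matches and the PM may offer the fill (still only after user interaction)."""
    saved_uri = urlsplit(saved.action)
    action = resolve_action(form.page_url, form.action_attr)
    page = urlsplit(form.page_url)
    checks = [
        (action.scheme != saved_uri.scheme, "scheme mismatch"),
        (action.scheme not in DEFAULT_PORTS, "unsafe scheme"),
        (authority(action) != authority(saved_uri), "authority mismatch"),
        (action.path != saved_uri.path, "path mismatch"),
        (form.method.upper() != saved.method.upper(), "method mismatch"),
        (form.method.upper() == "GET", "unsafe method"),  # password would land in the URL
        (page.path != saved.page_path, "page path mismatch"),
        (form.field_name != saved.field_name, "field name mismatch"),
        (not form.visible, "form invisible"),
        (form.autocomplete.lower() == "off", "autocomplete=off"),
    ]
    return [reason for failed, reason in checks if failed]
```

Each non-empty list maps to one or more rows of the results table above; a browser that ignores a check is the one that FAILED that row.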