J-Security Center

Title: Counterpane Password Safe Insecure Encryption Vulnerability

Severity: MODERATE

Description:

Counterpane Password Safe is a password storage application for Microsoft Windows operating systems.

Counterpane Password Safe is susceptible to an insecure encryption vulnerability that allows easier brute force decryption attacks.

Password Safe uses a key-stretching algorithm designed to dramatically slow down brute force password guessing attacks. A random value is encrypted with the Blowfish algorithm one thousand times with a value derived from the password used as the encryption key. In order to brute force attack the Password Safe database, an attacker must follow the same one thousand encryption steps on every password guess. This is done to make brute force attacks much more time and resource intensive, lowering the likelihood of a successful attack.

A design flaw in the encrypted database format allows attackers to perform a single calculation of the much simpler SHA1 hash computation of a password and the salt value, and then using this value to decrypt the first encrypted block in the database. If the three most significant bytes of the result are zero, the attacker then proceeds to employ the full one thousand round password algorithm to determine if they have guessed the correct password.

The probability of the three most significant bytes being zero is stated to be approximately one in every sixteen million password guess attempts, drastically reducing the complexity of brute force attacks against the Password Safe database.

This vulnerability allows attackers with access to the Password Safe database to employ a brute force password guessing attack against the database much more efficiently that the Password Safe design intended. The data contained in the Password Safe database aids malicious users in further attacks.

Affected Products:

  • Counterpane Password Safe 0.0.02.x
  • Counterpane Password Safe 1.7.1
  • Counterpane Password Safe 1.92.0b
  • Counterpane Password Safe 2.13.0

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.