
Abine Blur Password Manager 7.8.242x Insecure Permissions
Posted Mar 16, 2018
Authored by RS Tyler Schroder

Abine Blur Password Manager versions 7.8.242x before 7.8.2428 suffer from an insecure permissions vulnerability.

tags | advisory
advisories | CVE-2018-7213
SHA-256 | d35ca9e58012e322460b49e0af6d4248438c8d2846cef5cfdd33bdffd671983f

Abine Blur Password Manager Insecure Permissions
Module: Blur Web Extension
Announced: 2018-03-10/16
Credits: RS Tyler Schroder
Affects: 7.8.242* BEFORE 7.8.2428
CVE ID: CVE-2018-7213

I. Background
Abine Blur is a password management suite combined with online anonymity
tools designed to help consumers remain anonymous in the digital era.
https://abine.com

II. Problem Description

The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows
attackers to bypass the Multi-Factor Authentication and macOS
disk-encryption protection mechanisms, and consequently exfiltrate secured
data, because the right-click context menu is not secured.

II.I Technical
Abine Blur 7.8.242* failed to secure the right-click context menu, allowing
an attacker with either physical access or remote-desktop access to disclose
passwords, emails, and usernames of the victim without triggering a
second-factor request.
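The control described as missing above, sketched as an added example (not Abine's code and not taken from the original advisory): context-menu entries are rebuilt from the vault's lock state, and the click handler re-checks that state before releasing anything. All names are hypothetical; `menus` stands in for a WebExtension `chrome.contextMenus` object, and the accounts are constructed sample data.

```javascript
// Added illustration; hypothetical names, not the vendor's implementation.
// Minimal in-memory stand-in for chrome.contextMenus so the logic runs offline.
function fakeMenus() {
  const items = new Map();
  return {
    items,
    create: (props) => { items.set(props.id, props); },
    removeAll: () => { items.clear(); },
  };
}

function createVaultMenuGuard(menus, accounts) {
  let unlocked = false; // true only after password AND second factor succeed

  // Rebuild the menu from scratch on every state change so that no
  // account entry survives a lock or a failed second factor.
  function rebuild() {
    menus.removeAll();
    if (!unlocked) {
      menus.create({ id: "unlock", title: "Unlock vault", contexts: ["editable"] });
      return;
    }
    for (const a of accounts) {
      // Titles carry a label only, never a username, e-mail or password.
      menus.create({ id: "fill:" + a.id, title: "Fill " + a.label, contexts: ["editable"] });
    }
  }

  rebuild();
  return {
    unlock(passwordOk, secondFactorOk) {
      unlocked = Boolean(passwordOk && secondFactorOk);
      rebuild();
      return unlocked;
    },
    lock() {
      unlocked = false;
      rebuild();
    },
    // Re-check state at click time: a stale or forged menu id must not
    // release data while the vault is locked.
    onClicked(menuItemId) {
      if (!unlocked || !menuItemId.startsWith("fill:")) return null;
      const a = accounts.find((x) => "fill:" + x.id === menuItemId);
      return a ? { username: a.username, password: a.password } : null;
    },
  };
}
```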

III. Impact
Access to secured data can lead to exfiltration of secured information, a
2FA bypass, and a further undisclosed macOS (OS X) disk-encryption console
bypass (to access secured Abine Blur data).

IV. Workaround
No workaround, as the vendor has issued a patch.

V. Solution
Update your browser plug-in per your browser vendor's instructions. Firefox
5x.xx and Chrome 63.x are known to automatically update to the latest
version.

VI. Timeline of Events
* 2018-02-13: Discovery of Vulnerability
* 2018-02-13: Vendor Contacted
* 2018-02-14: CERT/CC activated for vendor PGP coordination
* 2018-02-14: Vendor responds (PGP)
* 2018-02-15: CERT/CC [VU#714299] unable to assist further
* 2018-02-16: MITRE Contacted for CVE
* 2018-02-17: MITRE Confirms & Issues CVE (CVE-2018-7213)
* 2018-02-28: Patch Issued
* 2018-03-10: Public Disclosure.

Further Details: https://redcoded.com/2018/CVE/ |
https://addons.mozilla.org/en-US/firefox/addon/donottrackplus/versions/?page=1#version-7.8.2428
