BugTraq
RedCoded ISR: Abine Blur Password Manager Insecure Permissions (CVE-2018-8213) Mar 16 2018 10:25PM
\(RS\) Tyler Schroder (redorhcs redcoded com)
Abine Blur Password Manager Insecure Permissions
Module: Blur Web Extension
Announced: 2018-03-10/16
Credits: RS Tyler Schroder
Affects: 7.8.242* BEFORE 7.8.2428
CVE ID: CVE-2018-7213

I. Background
Abine Blur is a password management suite combined with online anonymity
tools designed to help consumers remain anonymous in the digital era.
https://abine.com

II. Problem Description

The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows
attackers to bypass the Multi-Factor Authentication and macOS
disk-encryption protection mechanisms, and consequently exfiltrate secured
data, because the right-click context menu is not secured.

II.I Technical
Abine Blur 7.8.242* failed to secure the right-click context menu, allowing
an attacker with either physical access or remote-desktop access to disclose
passwords, emails, and usernames of the victim without triggering a
second-factor request.

III. Impact
Access to secured data can lead to secure information exfiltration, a 2FA
bypass, and a further undisclosed MacOS(x) disk encryption console bypass
(to access secured Abine Blur data).

IV. Workaround
No workaround, as the vendor has issued a patch.

V. Solution
Update your browser plug-in per your browser vendor's instructions. Firefox
5x.xx and Chrome 63.x are known to automatically update to the latest
version.

VI. Timeline of Events
* 2018-02-13: Discovery of Vulnerability
* 2018-02-13: Vendor Contacted
* 2018-02-14: CERT/CC activated for vendor PGP coordination
* 2018-02-14: Vendor responds (PGP)
* 2018-02-15: CERT/CC [VU#714299] unable to assist further
* 2018-02-16: MITRE Contacted for CVE
* 2018-02-17: MITRE Confirms & Issues CVE (CVE-2018-7213)
* 2018-02-28: Patch Issued
* 2018-03-10: Public Disclosure.

Further Details: https://redcoded.com/2018/CVE/ |
https://addons.mozilla.org/en-US/firefox/addon/donottrackplus/versions/?
page
=1#version-7.8.2428

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

owF9VXtwE0UYb9EixJbXiPXBY6EKFJqEhNLSgFNKH0yU0tKWgjBFL3ebZCd3t/Fu
jzSoA86oPHVA6SBiHaDKWCgwQp3CH4Igan2gKIpAh+koIkJFRS2vGajf3iWh0Rn/
aLp7+z1+3+/77bdrM+5I6Ze69CH3c5saR2Slfn7Rl7KgpSS/yEdUjGbIhoYqBV2P
UE1C5YIqBLCGvKqORUPDqBJrCtF1QlU9w1ZOJUPGHstnHvah0nqGVX6YYStSVWqo
IpY8yD3RNcU+cZLdNdHpysuwFWtYIkz3oKpqVBOVIXq1GNSohDXw8vuxyM/yHVMc
7lz3eDSjtKyiqjS+nwLutaXIW+JB8N9uRs53uyZl2DJsXgeaIYihgAZ5JQh1uxyi
IwGF4zUpZk0KVhnSDcIwEqnCbSUUISyIqCpzR0GlalQhLIoYpbKOJKyTADdiFAWx
HAYvVTcUrOlIw4pA1JgHNXQEGxbESCIBwgQZYU1woCBjYd3jdAo8lQNSmpABc6VG
fTJWUAnWRY2Emclehq0GAvynDQl+eYpeBSbY8mE/hS7F2UKCLNMIVM8YMMOxAnpf
lFNhIiw3ZEbsZYLIqIaKDPikMiIKHAOUw6kSK6qhDj1kx6qoRU10KKxRBl3iSwWL
QUEluqLnmA6cFPyUAWHkKML1fiIzTQCKLfVISBKYkAMoRcHQsQlBI4Egs4syEUPc
m+F6BlFVgzdNpSzu6YjR5UU1kFIFkHJSixMM+AUiW12KKfb/kuRYBBE1AOgTLFk6
wPAD63AwqvNsSBBFDLQBUdBvIMAOiggxGo4fQEYgSpQpFBbXGrDCtSHH2IGaNVVQ
METxm7gWE6BRMfNRgyEGOKHNJhwOn6qS3W81R+Os6ixGA8jGq4ThBDhIZO/NMRKh
HhkLvYkgKmhDsZqbaA1sctAFAbnLimLCsKAKyG9oJgFwmWJlcR2CHsbVZ5uSQL0k
wftOZRzX1jjIGqMljqpXrzjAbKuSWgeaR7WQELuzsymKJLYAxFLpYqxKQEEQtjB6
DCyZt5mJQTMGhKimsmHdm7lhicstSiGNTwPp8w7KRsAO9yUM66QDK+6PyzbyG6sz
zTA1rTtQGdHgHtWjyfWO+nqTjmIYUApGeZMcsAcuQyqNqJxbwWCUcwoKAcUbVnr4
znHLsNYZpNH4lbXAQudqiILNEQMiKAUMDCbp+NiQdNtdkzyoBAin4BblJrWGrMIE
8REZhtG/LWstaopB06AGLCWd58KQLK2qcRYXQzMYWQxwJAQaiBNaObMSGgcyJR+c
UQWLwGT3WHgN62HQIvQVXLKTjCbfzrGwdm5WvivXXVBQB6IRYKiZBMFjASTE1JTk
m+dB5d4aGO4J+CY6GOxJZvm9zPxEU3Q0Bnm5DnRuisYlPQRJ6NxTPDBDQSiWfS92
+GMEZ4YPRoJJN+gbZGr2qCwm/BLM+NX1JEY3yFiEZ0ri09vJ4zghtRM9c3u2SxLX
j0KXEFkWHFQLOLFqn1vt9FuCsgyc8EcZXD4xBNLUnTF96M7CMAz5R1xZsQ/2xBRf
2WfYnSmp/VL6pvXhD3WKrf+g+Ou9afnAnrIPv5ra6Cn/YV/NV5+uvXr0rtrpo1/v
OXXP8ZY7Gypevuedu8vI0oMFLWt29H2wdsSlwQUteemP/TI8u7lLOX9KPTZsZ+He
ZwYXVpxDD3x9tujKtd9OdDRvK/xj1jrj9JBlke2+w+Stc1tw64a6oZ4b7RNdrpYO
saJ/Xl1e2V8lRZsPbW1bwibIox9u2eJc/VHzqcvHFmXdONm09t2bWzI6X5q/OW1h
WtfkPd+9oW/OHDl8yb4/v1nTPfv9002+P7PIidVH5t+1e1r3lf0fjm0/Upn593vp
HRddkU8avn7ls8ync3xKnrDUGPUTcU9NGbXoUu6J1Z030y7Yv1//+xPpK9t8ubsH
9Ez4bdT0pn3+XZEjP4+adfnHV7/c+W3nuXVzjt0vCU2f958rDsqd19btNaZfb390
zth+uzrbVi6ac2BgyJZZPHLB6YX5DelXWnM3jOnTcejM9av3nfrmiQk7om//lHk4
NLRVOfpxuz5be/z3ATMG3lu46/Urzz7fGNn33tHrX2z7dEHzwe6GkU/2GdrV7+8H
JPsecVbPyYKqP4pbX3DPXtFynO5u/Ln97JBxA8hCdljsnlm7qq4h+NqtIbjnJW/K
5j0j1s1M3dTy5aDsFxvPTu12HEiVm9ann/hs/5E6efibYe/WAeHzn4y+EPn1+IUu
17IFtzZOY9v9l/aPvu/W0L7Gira911rdL47fuJwtOvz91h8eXnV5WGO475PT/gE=
=nyj5
-----END PGP MESSAGE-----
0? *?H?÷
 ?0?10
 `?He0? *?H?÷
 ?ÿ0?50? ,?L?a«EÃË?:knë0
 *?H?÷
 0?1 0 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CA0
171117000000Z
181117235959Z0&1$0" *?H?÷
 redorhcs (at) redcoded (dot) com0 [email concealed]?"0
 *?H?÷
?0?
?Çðlãod}×ñu4¢¶6Âûgû,p¬?â×¼@2p?"i?¡&1:®,«_¦ä?Ñ®Äzs!VMÔXÒð.(ÿ¤
ô?@Y??Ôéåf==ÎèK®DÅJül?)Ã?ÿá3Ùù4?l¿?18C>&O©¡«r?ÁåL?? Vïo(sj
¼%ç=EJâCBO/¾?¨¡ºtÓ?är8±U?l9ûã§???êê?K±??'¸Þ¡?©ðé?Á:µ_üÁ1ÎbglSÿ
uä"?Wi??lûíA8?YTlâMÄ»þío?kcÙâ??¸ÓUÒ7]«3£?ë0?ç0U#0??¯l
?øÅþ?a|è=+qH^Ä?À0U?G³ù??4'`-Â4Æ I0Uÿ 0 Uÿ00 U%0+ +²10 `?H?øB 0FU ?0=0; +²10+0)+https://secure.comodo.net/CPS0ZUS0Q0O M
 K?Ihttp://crl.comodoca.com/COMODORSAClientAuthenticationandSecureEmailC
A.crl0?+0}0U+0?Ihttp://crt.comodoca.com/COMODORSACli
entAuthenticationandSecureEmailCA.crt0$+0?http://ocsp.comodoca.
com0 U0redorhcs (at) redcoded (dot) com0 [email concealed]
 *?H?÷
 ?(Æ|[[¶4ù??( N¥Ò?Èø«»»Üî20÷?¹*¡×fp?Iw
û*Tû{ ¾ø>]ÿƲäuU)Ý$búö>Ëãf?WSBÎG?  Î'©KK?êùÜEêùìßT?#?Ôý¢?\w?¦AÁÇ=ONE\ÖÀ/YÉ@þ?°?ú1×e:?æ%V°?ïË?ø??¿%
UðHÌ`ãÖø¤*ó· xr §à{;Ï ø³ÿî`?*ÛÿA&(U?´Á¬§âÑ?N
<©ãÇ?ÅÀ?a!31ññT]?Òù¿í1q3?F'Þy7{¨ç-?[©Æ¾[Tª®?Û7=0?Ø0?À LªùÊ
Ûcoà÷NØ[?0
 *?H?÷
 0?1 0 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1+0)U"COMODO RSA Certification Authority0
100119000000Z
380118235959Z0?1 0 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1+0)U"COMODO RSA Certification Authority0?"0
 *?H?÷
?0?
??èT?Ò
V±¬
$ÝÅÏDgt?+7£}#pq¼SßÄú*KV½?pr·aÉK§=ã°aîÿ?Çô?>
ú>\ù?æ4zÙkç?³? ?zv¯q×ìý
ú?lúß°?ô~ù¾Ä¦/O?µügCr½ Ö?ëk,Óí?«~åãnüبä?$ÚCkb¸UýêÁ¼l¶?ó?ä?li?øxH0EÕ­á
<E`ü2?Q'¼gÃÊ.¶kêFÇÇ  ±eÞHº¤N©ò?F7?ëè́HCgNr*?\½L(?\"{´«?ÙîàQ?à FNm>?ú?Ú|3WA<Qí ¶\¯,cßWÈ?¼é]Ä?¯E?â£Z$´º©V=ÏoªÿIX¾ð¨ÿô¸­é7ûº¸ô :ùèCB?
Ø?ËñÙ»á?`¸?(V¬?
çqëÏÝ=©?¡H½<÷¯µ
"LÀìV;öÓ¢â[·²"R???iè?Leñ?-ptê?g)iR»×ßPjUF¿ £(apÐâª,!ªGÎ(?Ev¿?
'´Õ®´ËPækôL?q0é¦ß?àØÿ@ÝûÐB?£3:.\AcÎqk+ì¦?·1\:jGàÃyYÖ ¯òj?ªr¼WJÒK»ü°LAåí=^(?Ì¿³QÚ§Gå?S£B0@0U»¯~=ú¦ñ<??­î8?ì
Ù22Ô0Uÿ0Uÿ0ÿ0
 *?H?÷
 ?
ñÕF?·®Q»l²MA?L?ËåÀTÏ %?ùý°¢
õ ?<-¬V¢°Ö~?é.º?.?r±½Dla5¢?´iZ?á×>¤è/ô®a*¤?zÅþ¦áÀÖÈþ?®+º=?øØs XFn¦?ô×'Ó?Ú7?rÓsà¢G?8]ÕIy)Çì? $iWx²9ü:? µ?|¿.?b'·9Ú®½< hÿ??<ÕÖ ãW?÷ÑëOȽ?#·¶ICy?\ºë? ¡Æèh¨L±?
èS,?»¡ u e¨{Ë#·Â(?ÃÿÐ+bï¤{ ??g?Íhjc!u???nÆ?ò©¤-çô¥$G?ÊÍôyX±?ç*ٝ×?}íJÊðÛè©>õV?É?I=»å ¹àOI?=?@ÌÌYÆæ:í.i<l?±ýª{?¾2FûûuL?KFcþ4@pÁù¡Ý¦pâ³A¼é??êd?zá"©
?noeOl??^ón ùu¥?@èS²'J¹Àw!ÿ?òÞ¼?ïß·I Ñòn0 NvíüõéV²}¿Çm
??¥ÐÀ¶¾:N?¢×nl Â?|ú óÄäåÍ
¨Ë??±|?ìµif?çÍÎÈ-¦Q!Á5S?J]?­»_t0?æ0?Πj?á8;ÿ+k?ÕÙ¸§RV0
 *?H?÷
 0?1 0 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1+0)U"COMODO RSA Certification Authority0
130110000000Z
280109235959Z0?1 0 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CA0?"0
 *?H?÷
?0?
?¾³?W¬(vu@Ç8?ÓÆv!Pó%y Lµ Ñ}:X>?§1.§ö4vÙ?jÚÐ=4Häêõ»¬ßù±K ýhyt4¦z|µ?e`'?"?¦2þ©@rF5¤PÈ3*U¥T?²+å%4D5ÿ?+
Áê÷ZSüu+Ýò­=7F_ÅÀZßÕtÂÁ­e?ùä
?>)?
?·94êFöªñ¥?ro?8ÈÓpN¬ÚhúFF¥Áì?#µþíNe6?£Ì/M{UWÕÁÖ±ïm¤ÃÉA ÚY?º??T"oç)º
CI °ÊÃòm8è4$.zW4 ?ârÔ^M9,RÆß$
ûµ£?<0?80U#0?»¯~=ú¦ñ<??­î8?ìÙ22Ô0U?¯l?øÅþ?a|è=
+qH^Ä?À0Uÿ?0Uÿ0ÿ0U 
00U 0LUE0C0A ? =?;http://crl.comodoca.com/COMODORSACertificationAuthori
ty.crl0q+e0c0;+0?/http://crt.comodoca.com/COMODORSAAdd
TrustCA.crt0$+0?http://ocsp.comodoca.com0
 *?H?÷
 ?x\²(4O<î_VÎ??V쏢köóöIÔØ/5Íß@þÓqãèìB !ãf°k&k®nü?ì{hJd|ÓÐ q?è[êÜLÖòïÇ¿á?¬Ò??Ûù"@ÜfCíýâO³ÝrXôurËÔçJñ¤H5;#?ñù6ÎûÏã8©jle¥?) Ì)Y?üõ4Â?Nûezyq{:Íçãýªª?k?x£%§×òiÚ?:w#f6?Há?LP~jo9KXúÞnãíMº»
¼àêÌ#:¯!!6ßùéæÓ9i\®êß}§^ÛM¶;ûTSXâ7Ö Ì¯Ç3?]?òþTc?6ÄO$ÐvïoXú*5!?·ÎÛÞÛÔ?¢4êüà?èËçÍ.?ïaÏÐôKE8?HI?Ĺ7??ð
?µö¹?AréðÀ}ßr#㾠ÏR?/öhö<ÉסÎæn´¶Ùuy<1 3ýmÉ?v?#??~&ípý?v?gö' s°°kMH#íò/ƨ­?°è$/uX? qíÂT??Õu?(?|à^Ø-vMÒ?»NKX?7fA\X??5s?èh2?ôê½q¹¿¼æP
Í\YÇ?ÛE¤ÊNRüarÈòpGÑÖtZ³pêþ_"§³Ík?7DdêJVGÊz1?Í0?É0¬0?1 0 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CA,?L?a«EÃË?:knë0
 `?He ?ñ0 *?H?÷
 1  *?H?÷
0 *?H?÷
 1
180316222507Z0N *?H?÷
 1?0=t|?Q¯?ï@}åú¸?00redorhcs (at) redcoded (dot) com0 [email concealed]O *?H?÷
 1B@m$®
I Ä+©ûi¹~Ð*DyAmAo1?  èýF{k¸ ?ÿǼGD?Ʋëâ-¯?s.fëy×0? *?H?÷
 1?0?0  `?He*0  `?He0
*?H?÷
0  `?He0*?H?÷
?0
*?H?÷
@0  `?He0  `?He0  `?He0+0½ +?71¯0¬0?1 0 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CA,?L?a«EÃË?:knë0¿ *?H?÷
  1¯ ¬0?1 0 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CA,?L?a«EÃË?:knë0
 *?H?÷
?§jò
XmtBv¡Ûaz_GgJ00?E?ia??{¬g84K·?./ìåt÷£?¬Ri?ßtû?æ£é)_
?ÁúÃî?ùÃwÌt?,Eh?nadïL¹Àúj¡?Æ2æ:κ½ßù³þ³Ze°ß|ç½Ôå§?&¨²ë/lõk?©Òúx\ QÉ?
h>p@ú¶¼¤:Õõ ?9½l{U`Ô?<:à\Ô.q9©H1Á q?_? a?í¸ÌÏ{.w0I:ä©XH1}çu¥~s?¢pM§=îë§éseeæªG.v>Í?s ×XVì2èȐ¬ï1ÞgXÓ?ÍÀ,7

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus