isvsecwatch / httpstracker

Our main issue tracker for ISV security issues, such as the SSL/TLS configuration of their online stores.

notepad++ download and auto updater over http. No HTTPS #38

Closed kyhwana closed 8 years ago

kyhwana commented 9 years ago

The text editor Notepad++ is not available to download via HTTPS. The download page: http://notepad-plus-plus.org/download/v6.7.7.html has no HTTPS option. There are SHA1 hashsums available at http://sourceforge.net/p/notepad-plus/discussion/1290588/thread/50b7b577/ however, if you try to view the SF page over HTTPS, it redirects you back to HTTP.

The windows installer from notepad-plus-plus.org isn't signed with authenticode or GPG.

The updater also downloads updates over http (broIDS log):

1430292778.123006 Cg8gAZ3btr3usDc5H5 192.168.1.28 60982 188.165.49.149 80 1 GET notepad-plus-plus.org /update/getDownloadUrl.php?version=6.75 - - 0 855 200 OK - - - (empty) - - - - - FqrEek4U3sFZwB3gw text/plain
1430292785.398997 COtwkn1bzfxWjJ71Ml 192.168.1.28 60985 188.165.49.149 80 1 GET notepad-plus-plus.org /repository/6.x/6.7.7/npp.6.7.7.Installer.exe - - 0 8254766 200 OK - - - (empty) - - - - - FmuPH41d0xHYz9aYJ6 application/x-dosexec

Executables via HTTP are easily MITMable with something like Evilgrade: https://github.com/infobyte/evilgrade
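To turn the Bro log quoted above into a repeatable detection, here is an added example (not from this thread, and not Bro's own code) that parses http.log lines in that layout and flags successful downloads of Windows executables over plaintext HTTP. It assumes the Bro 2.x http.log column order and uses the two lines from the report as its only input.

```python
from urllib.parse import urlsplit

# The two Bro http.log lines quoted in the report above, as pasted there
# (whitespace-collapsed; a real http.log is tab-separated).
SAMPLE_HTTP_LOG = """\
1430292778.123006 Cg8gAZ3btr3usDc5H5 192.168.1.28 60982 188.165.49.149 80 1 GET notepad-plus-plus.org /update/getDownloadUrl.php?version=6.75 - - 0 855 200 OK - - - (empty) - - - - - FqrEek4U3sFZwB3gw text/plain
1430292785.398997 COtwkn1bzfxWjJ71Ml 192.168.1.28 60985 188.165.49.149 80 1 GET notepad-plus-plus.org /repository/6.x/6.7.7/npp.6.7.7.Installer.exe - - 0 8254766 200 OK - - - (empty) - - - - - FmuPH41d0xHYz9aYJ6 application/x-dosexec
"""

# Column layout of a Bro 2.x http.log (27 columns), matching the lines above.
HTTP_LOG_FIELDS = (
    "ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri "
    "referrer user_agent request_body_len response_body_len status_code status_msg "
    "info_code info_msg filename tags username password proxied orig_fuids "
    "orig_mime_types resp_fuids resp_mime_types"
).split()

# Common MIME types for Windows executables/installers (Bro labels PE files
# application/x-dosexec), plus a path-extension fallback for mislabelled downloads.
EXEC_MIME_TYPES = {"application/x-dosexec", "application/x-msdownload", "application/x-msi"}
EXEC_EXTENSIONS = (".exe", ".msi", ".dll", ".scr")

def parse_http_log_line(line):
    """One http.log line -> dict keyed by Bro field name, or None when the
    column count does not match (header, truncated line, other Bro version).
    Tabs are honoured when present; pasted lines are split on whitespace."""
    cols = line.rstrip("\n").split("\t") if "\t" in line else line.split()
    return dict(zip(HTTP_LOG_FIELDS, cols)) if len(cols) == len(HTTP_LOG_FIELDS) else None

def is_plaintext_executable_download(rec):
    """Everything in http.log was seen in the clear, so a successful GET whose
    response is a Windows executable is an unauthenticated download that an
    on-path attacker could replace (the scenario the report describes)."""
    if rec is None or rec["method"] != "GET" or rec["status_code"] != "200":
        return False
    mime_hit = any(m in EXEC_MIME_TYPES for m in rec["resp_mime_types"].split(","))
    return mime_hit or urlsplit(rec["uri"]).path.lower().endswith(EXEC_EXTENSIONS)

def find_plaintext_executable_downloads(log_text):
    """Return (host, uri, response_body_len) for every flagged line."""
    hits = []
    for line in log_text.splitlines():
        if line and not line.startswith("#"):  # skip Bro's #fields/#types headers
            rec = parse_http_log_line(line)
            if is_plaintext_executable_download(rec):
                hits.append((rec["host"], rec["uri"], int(rec["response_body_len"])))
    return hits
```

Run against the sample, only the installer fetch is reported; the update check (text/plain) is not.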

sindarina commented 9 years ago

Poked on Twitter: https://twitter.com/sindarina/status/593320234444050432

sindarina commented 9 years ago

Looks like they added HTTPS, but there are some issues; https://www.ssllabs.com/ssltest/analyze.html?d=notepad-plus-plus.org (B)

The certificate includes the wrong intermediate, and the chain is therefore incomplete. The cipher order and selection is suboptimal, and there is no reason to have 1024-bit DH keys active with nginx, or lack session caching.

Cipherscan Results

Target: notepad-plus-plus.org:443

prio  ciphersuite                  protocols              pfs_keysize
1     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits
2     ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,P-256,256bits
3     ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
4     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                DH,1024bits
5     DHE-RSA-AES256-SHA256        TLSv1.2                DH,1024bits
6     DHE-RSA-AES256-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
7     DHE-RSA-CAMELLIA256-SHA      TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
8     AES256-GCM-SHA384            TLSv1.2
9     AES256-SHA256                TLSv1.2
10    AES256-SHA                   TLSv1,TLSv1.1,TLSv1.2
11    CAMELLIA256-SHA              TLSv1,TLSv1.1,TLSv1.2
12    ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits
13    ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits
14    ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
15    DHE-RSA-AES128-GCM-SHA256    TLSv1.2                DH,1024bits
16    DHE-RSA-AES128-SHA256        TLSv1.2                DH,1024bits
17    DHE-RSA-AES128-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
18    DHE-RSA-CAMELLIA128-SHA      TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
19    AES128-GCM-SHA256            TLSv1.2
20    AES128-SHA256                TLSv1.2
21    AES128-SHA                   TLSv1,TLSv1.1,TLSv1.2
22    CAMELLIA128-SHA              TLSv1,TLSv1.1,TLSv1.2
23    ECDHE-RSA-DES-CBC3-SHA       TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
24    EDH-RSA-DES-CBC3-SHA         TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
25    DES-CBC3-SHA                 TLSv1,TLSv1.1,TLSv1.2

Certificate: UNTRUSTED, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: 300
OCSP stapling: not supported
Server side cipher ordering

Cipherscan Analysis

notepad-plus-plus.org:443 has bad ssl/tls

Things that are bad:
* remove cipher EDH-RSA-DES-CBC3-SHA
* don't use an untrusted or self-signed certificate

Changes needed to match the intermediate level:
* remove cipher ECDHE-RSA-DES-CBC3-SHA
* remove cipher EDH-RSA-DES-CBC3-SHA
* consider using DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling

Changes needed to match the modern level:
* remove cipher DHE-RSA-CAMELLIA256-SHA
* remove cipher AES256-GCM-SHA384
* remove cipher AES256-SHA256
* remove cipher AES256-SHA
* remove cipher CAMELLIA256-SHA
* remove cipher DHE-RSA-CAMELLIA128-SHA
* remove cipher AES128-GCM-SHA256
* remove cipher AES128-SHA256
* remove cipher AES128-SHA
* remove cipher CAMELLIA128-SHA
* remove cipher ECDHE-RSA-DES-CBC3-SHA
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher DES-CBC3-SHA
* disable TLSv1
* use DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling
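The checks behind the Cipherscan verdicts above can be reproduced in a few lines. This is an added example, not this thread's or Cipherscan's own code: it parses the table layout shown and reports 3DES suites, static-RSA suites without forward secrecy, DH groups below 2048 bits (the Logjam concern raised later in the thread) and TLSv1 support. The reason codes are my own naming, and the rows are a subset copied from the first scan.

```python
import re

# Rows copied from the first Cipherscan table above (a subset is enough to
# exercise every check); the header line is kept so the parser must skip it.
SCAN = """\
prio  ciphersuite                  protocols              pfs_keysize
1     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits
4     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                DH,1024bits
8     AES256-GCM-SHA384            TLSv1.2
23    ECDHE-RSA-DES-CBC3-SHA       TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
24    EDH-RSA-DES-CBC3-SHA         TLSv1,TLSv1.1,TLSv1.2  DH,1024bits
"""

def parse_cipherscan(text):
    """Turn the Cipherscan table into dicts: prio, suite, protocols (list),
    kx ('ECDH', 'DH', or None for static RSA key exchange) and key size in bits."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not parts[0].isdigit():
            continue                      # header or blank line
        kx, bits = None, None
        if len(parts) > 3:                # pfs_keysize column present
            kx = parts[3].split(",")[0]
            bits = int(re.search(r"(\d+)bits$", parts[3]).group(1))
        rows.append({"prio": int(parts[0]), "suite": parts[1],
                     "protocols": parts[2].split(","), "kx": kx, "bits": bits})
    return rows

def analyse(rows, min_dh_bits=2048):
    """Apply the checks behind the verdicts in this thread: 3DES suites,
    static-RSA suites without forward secrecy, DH/ECDH groups below the
    minimum, and TLSv1 still enabled. Returns a list of (suite, reason)."""
    findings = []
    for r in rows:
        if "DES-CBC3" in r["suite"]:
            findings.append((r["suite"], "3des"))
        if r["kx"] is None:
            findings.append((r["suite"], "no-pfs"))
        elif r["kx"] == "DH" and r["bits"] < min_dh_bits:
            findings.append((r["suite"], f"dh{r['bits']}"))
        elif r["kx"] == "ECDH" and r["bits"] < 256:
            findings.append((r["suite"], f"ecdh{r['bits']}"))
    if any("TLSv1" in r["protocols"] for r in rows):
        findings.append(("*", "tlsv1"))
    return findings
```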

sindarina commented 9 years ago

Poked on Twitter: https://twitter.com/sindarina/status/596626227152162816

tdelmas commented 9 years ago

Looks like the chain issues are solved, no?

kyhwana commented 9 years ago

Yep, it's now up to an A! We can close this one. :)

sindarina commented 9 years ago

If you're running nginx there's no good reason to leave DH keys at 1024 bits, unless you're targeting Java 6, which has been EOL'd for quite some time now. So that issue remains.

Also, has it been confirmed that it does in fact download over HTTPS now, and doesn't shunt you off to a Sourceforge HTTP page?

sindarina commented 9 years ago

Hmm, the site does offer the download over HTTPS, so that's good. The about box still lists the HTTP link, and the redirect adds an extra slash;

> Host: www.notepad-plus-plus.org
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
* Server nginx/1.6.2 is not blacklisted
< Server: nginx/1.6.2
< Date: Sat, 16 May 2015 03:52:02 GMT
< Content-Type: text/html
< Content-Length: 184
< Connection: keep-alive
< Location: https://notepad-plus-plus.org//

Not critical, but points to a configuration issue. While they're fixing this, they should also stop advertising the version of nginx in use.

The autoupdater in the current version is borked, however, so unable to test that; Notepad++ autoupdater DLL error

Reinstalling it does not solve the problem.

sindarina commented 9 years ago

As for generating a 2048-bit DH key for nginx; https://duckduckgo.com/?q=nginx+2048+dhparam

sindarina commented 9 years ago

In light of the details of the Logjam attack (https://weakdh.org/), we are upgrading 1024-bit DH keys to a red level issue that should be resolved, as that key size puts it within reach of state-level adversaries and is no longer considered safe.

See https://github.com/isvsecwatch/httpstracker#a-note-on-dhdhe for details.

sindarina commented 9 years ago

No fix for 1024-bit DH yet, or confirmation that the download issue has been fixed.

sindarina commented 9 years ago

Changes were made, but still capped at 'B' due to 1024-bit DH keys; https://www.ssllabs.com/ssltest/analyze.html?d=notepad-plus-plus.org (B)

Which is completely unnecessary with that nginx version. Either define a 2048-bit DH key, or disable DHE ciphers altogether.

Cipherscan Results

Target: notepad-plus-plus.org:443

prio  ciphersuite                  protocols              pfs_keysize
1     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits
2     ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits
3     ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
4     DHE-RSA-AES128-GCM-SHA256    TLSv1.2                DH,1024bits
5     DHE-RSA-AES128-SHA256        TLSv1.2                DH,1024bits
6     DHE-RSA-AES128-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,1024bits

Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: 300
OCSP stapling: supported
Server side cipher ordering

Cipherscan Analysis

notepad-plus-plus.org:443 has obscure or unknown ssl/tls

Changes needed to match the intermediate level:
* add cipher AES128-SHA
* consider using DHE of at least 2048bits and ECC of at least 256bits

Changes needed to match the modern level:
* disable TLSv1
* use DHE of at least 2048bits and ECC of at least 256bits

sindarina commented 9 years ago

No change. Poked on Twitter; https://twitter.com/isvsecwatch/status/617251410246258688

sindarina commented 9 years ago

No change, still unresolved.

isvsecwatch-report commented 8 years ago

No change, still sporting 1024-bit DH keys.

isvsecwatch-report commented 8 years ago

Closing as unresolved, no response from site owner.

kyhwana commented 7 years ago

https://www.ssllabs.com/ssltest/analyze.html?d=notepad-plus-plus.org now gets an A+.

isvsecwatch-report commented 7 years ago

Removing the cipher-related tags, no news on whether HTTP links have been replaced yet.