kee-org / KeeFox

Legacy browser and XUL application integration with KeePass Password Safe. See https://github.com/kee-org/browser-addon for the new version for Firefox 57+
https://forum.kee.pm

Network Process #634

Closed serialpsychokillerfromhell closed 8 years ago

serialpsychokillerfromhell commented 8 years ago

Hello, sorry for my English mistakes, I'm using Google Translator. I'm using the "Process Hacker" software, and I noticed a strange behavior during network monitoring. Whenever Firefox is open and KeeFox is disabled, Process Hacker displays these two items (the port numbers only change when Firefox is restarted):

firefox.exe (416), activate.adobe.com, 49675, activate.adobe.com, 49676, TCP, Established,
firefox.exe (416), activate.adobe.com, 49676, activate.adobe.com, 49675, TCP, Established,

Until then I do not see it as a problem, but when Firefox is open and KeeFox is enabled, Process Hacker displays abnormal behavior and lists these two items (sometimes there are more than two items, and the port numbers change every second):

firefox.exe (4612), activate.adobe.com, 49827, activate.adobe.com, 12546, TCP, SYN sent,
firefox.exe (4612), activate.adobe.com, 49828, activate.adobe.com, 12546, TCP, SYN sent,

Then, once KeeFox is disabled, the listed processes return to normal behavior.

I made several tests using KeeFox 1.5.4 and KeeFox 1.6.0b2, with KeePass installed and also with it uninstalled. The Firefox profile was clean and had no other addon installed.


serialpsychokillerfromhell commented 8 years ago

I used KeeFox for a long time, but because of this behavior I prefer not to use this addon. It is unfortunate; I always considered it a very useful plugin, but this serious flaw could be exploited by malicious applications, including compromising the security of passwords stored in KeePass.

luckyrat commented 8 years ago

You have some kind of 3rd party hack or malware on your system.

You'll probably find that "activate.adobe.com" resolves to 127.0.0.1 which is your local network address - i.e. not an address outside of your machine so KeeFox is not compromising the security of your KeePass passwords.

There's lots more information about how KeeFox secures the connection to KeePass available in the wiki if you're interested: https://github.com/luckyrat/KeeFox/wiki/en-%7C-Technical-%7C-KeePassRPC
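
One way to check the explanation in the last comment, as an added example that is not part of the original thread or of KeeFox: it parses hosts-file text and marks a connection row as loopback-only when both endpoints are loopback literals or names that map only to loopback addresses. The hosts-file content and the third row are constructed for illustration (the thread does not show the reporter's hosts file), and the function names are hypothetical.

```python
import ipaddress

# Constructed hosts-file text (assumption: the thread does not show the real file).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   activate.adobe.com   # constructed entry
::1         localhost
"""

# Rows as posted in the report, plus one constructed row for contrast.
ROWS = [
    "firefox.exe (416), activate.adobe.com, 49675, activate.adobe.com, 49676, TCP, Established,",
    "firefox.exe (4612), activate.adobe.com, 49827, activate.adobe.com, 12546, TCP, SYN sent,",
    "firefox.exe (4612), 192.0.2.10, 49900, example.com, 443, TCP, Established,",  # constructed
]

def parse_hosts(text):
    """Map each hostname in hosts-file text to the list of addresses given for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: ignore the malformed line
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(ip)
    return table

def is_loopback(host, table):
    """True if host is a loopback literal or maps only to loopback in the table."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        ips = table.get(host.lower(), [])
        return bool(ips) and all(ip.is_loopback for ip in ips)

def classify(row, table):
    """Parse one 'process, lhost, lport, rhost, rport, proto, state' row."""
    proc, lhost, lport, rhost, rport, proto, state = [
        f.strip() for f in row.rstrip(", ").split(",")]
    return {"process": proc, "remote_port": int(rport), "state": state,
            "loopback_only": is_loopback(lhost, table) and is_loopback(rhost, table)}

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for r in ROWS:
        print(classify(r, hosts))
```

A name that is absent from the hosts text is reported as not loopback-only, since the script does no DNS lookup; such rows need a separate resolution check.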