CVE-2020-10256 for all beta versions of the 1Password command-line tool and SCIM bridge released prior to December 24, 2018

To see if you’re affected, go to https://1password.com/cli-beta-check and sign in to your account.
If you’re affected, you can update your account with a click.

About the issue

An issue was discovered in early beta versions of the command-line tool prior to 0.5.5 and early beta versions of the SCIM bridge prior to 0.7.3. Both tools were using low-entropy random numbers when creating the following keys:

  • Provisioned User keys
  • Group keys
  • Vault keys
  • Document keys

The bug was discovered internally on December 24, 2018, and fixes for both tools were released the same day: command-line tool 0.5.5 and SCIM bridge 0.7.3. On February 4, 2019, the 1Password server was updated to prevent the use of affected versions of the tools.

In September 2020, we began to contact affected customers and provide a tool that replaces all affected keys. The issue affected 0.03% of 1Password accounts. We have no reason to believe that any data has been compromised.

This issue is listed under the Common Vulnerabilities and Exposures (CVE) ID CVE-2020-10256.

Who may be affected

The low-entropy encryption keys were only created by beta versions of the command-line tool and SCIM bridge released prior to December 24, 2018. You may be affected if you used:

  • the 1Password command-line tool beta 0.5.4 or earlier
  • the 1Password SCIM bridge beta 0.7.2 or earlier

To see if you’re affected, go to https://1password.com/cli-beta-check and sign in to your account. If you’re affected, you can update your account with a click.

  • You may not be affected. If the tool says you aren’t affected, you aren’t affected and no changes will be made to your account.
  • Your data is safe when you use the tool to update your account. We’ve taken great care to guarantee data integrity throughout the process. Additionally, because there would be no security benefit to generating new keys for unaffected data, the tool will only regenerate keys for affected data.
  • You may need to notify your team. If you’re an account owner, the tool will provide a list of team members that also need to run the tool. When a team member uses the tool, it will update their Private vault if necessary, and any files within it.

Impact and exploitability

The bug affected the creation of symmetric keys, but not the use of existing symmetric keys. Users, groups, vaults, and Documents created on 1Password.com or in any other 1Password apps were not affected, even if you had one of the affected tools installed. For example, items added or modified by one of the affected clients would still be encrypted by a strong key if the vault was created elsewhere.

To exploit the weak keys, an attacker would need:

  • Access to the user’s encrypted 1Password data. The data could be captured from either a user’s device or a 1Password server. An attacker who breaks TLS and captures data in transit would not acquire the data needed to exploit this bug.
  • Awareness of the bug. This could be deduced by a careful analysis of generated keys.
  • Knowledge of which keys were affected. This could be gained by attempting an attack on all symmetric keys, accessing 1Password server logs, or guessing at user behavior.

A malicious insider, or someone who compromised our infrastructure, might have all three of those things and could therefore, for example, crack a weak vault key and decrypt the items in that vault.

Commentary

The command-line tool was initially conceived and developed as a proof of concept. Systematic static analysis, which uncovered the bug, was not introduced until after the tool was released in beta. Because the SCIM bridge shares code with the command-line tool, it was also affected.

When the bug was discovered, we were already restructuring how client code development is managed, and the discovery of the bug affirmed our decision to enforce static code analysis across every team and project. We’ve always highly restricted internal access – even to user-encrypted data. In this specific instance, we also limited awareness of the bug to those who needed to address it. After we analyzed the impact of the bug, we developed a tool to allow 1Password customers to determine whether they’re affected by the bug and easily replace all affected keys.

Automated testing and enforcement of secure coding practices are essential. The bug was discovered through static analysis of the command-line tool source, which looks for, among other things, the use of insecure random number generators. If we had automated static analysis in place at the time, the bug would have been identified and fixed before the beta release.
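As an added illustration of both the bug described under "About the issue" (a symmetric key built from a non-cryptographic random source) and the static check described above, the following Go program was written for this page and is not code from 1Password's tools. It embeds two constructed samples, a vault-key routine using math/rand and the same routine using crypto/rand, and a small AST-based scanner that flags every use of an identifier bound to math/rand (aliased imports included) while leaving crypto/rand alone; the sample package and function names are assumptions.

```go
package main

import (
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// Constructed samples (not 1Password code): a key from math/rand and the crypto/rand fix.
const weakSample = `package keys
import "math/rand"
func NewVaultKey() []byte {
	key := make([]byte, 32)
	rand.Read(key) // seedable, low-entropy PRNG: never use for keys
	return key
}`
const fixedSample = `package keys
import "crypto/rand"
func NewVaultKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil { return nil, err } // OS CSPRNG
	return key, nil
}`

// FindWeakRand parses one Go file and reports each selector (e.g. rand.Read) on an identifier bound to math/rand.
func FindWeakRand(src string) ([]string, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil { return nil, err }
	weak := map[string]bool{} // local names the insecure package is imported under
	for _, imp := range f.Imports {
		if p, _ := strconv.Unquote(imp.Path.Value); p == "math/rand" || p == "math/rand/v2" {
			name := "rand"
			if imp.Name != nil { name = imp.Name.Name } // aliased import, e.g. mrand "math/rand"
			weak[name] = true
		}
	}
	var findings []string
	ast.Inspect(f, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok {
			if id, ok := sel.X.(*ast.Ident); ok && weak[id.Name] {
				findings = append(findings, strconv.Itoa(fset.Position(sel.Pos()).Line)+": insecure "+id.Name+"."+sel.Sel.Name)
			}
		}
		return true
	})
	return findings, nil
}

func main() { f, _ := FindWeakRand(weakSample); for _, m := range f { println(m) } }
```

Run against the weak sample it reports the single `rand.Read` call by line; against the crypto/rand version it reports nothing, which is the distinction a pre-release check in CI needs to make.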

The 1Password security team, which bears ultimate responsibility, has increased its staff and introduced more formal mechanisms for monitoring and assisting development teams. The security team is continuing to make regular improvements in this area.