CVE-2022-32550 for 1Password apps and integrations

Published:

About the issue

There was an issue with the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service.

This issue was discovered by Cure53, a penetration testing company that is regularly contracted by 1Password to perform security assessments on 1Password products. 1Password has no reason to believe that this issue was discovered or exploited by anyone else. It has been assigned identifier CVE-2022-32550 in the Common Vulnerabilities and Exposures database

Who is affected

The following 1Password apps are affected:

  • 1Password for Mac 7 (prior to 7.9.5)
  • 1Password for Mac 8 (prior to 8.7.1)
  • 1Password for Windows 7 (prior to 7.9.829)
  • 1Password for Windows 8 (prior to 8.7.1)
  • 1Password for Linux (prior to 8.7.1)
  • 1Password for Android 7 (prior to 7.9.3)
  • 1Password for Android 8 (prior to 8.8.0-104)
  • 1Password for iOS 7 (prior to 7.9.6)
  • 1Password for iOS 8 (prior to 8.8.0-94)
  • 1Password in the browser (prior to 2.3.4)

The following 1Password integrations are affected:

  • 1Password CLI 1 (prior to 1.12.5)
  • 1Password CLI 2 (prior to 2.3.0)
  • 1Password SCIM Bridge (prior to 2.3.2)
  • 1Password Connect Server (prior to 1.5.3)

Update 1Password to a version that is newer than the ones listed above.

To upgrade 1Password Connect Server, configure Docker or Kubernetes to use version 1.5.3 or latest, then restart your container or pod according to your standard upgrade procedures.

Impact and exploitability

If you use a 1Password app or integration in an environment with a compromised network connection, a person-in-the-middle attacker can manipulate your 1Password app or integration into connecting to their server instead of the 1Password service.

This issue could impact you when all the following are true when you use your 1Password app or integration:

  • You are using a compromised network connection, where an attacker can read and manipulate network requests
  • The Transport Layer Security (TLS) connection between the app or integration and 1Password.com is no longer secure, for example, an attacker is using a certificate trusted by your device to authenticate 1Password.com
  • An attacker is specifically targeting your 1Password app or integration that’s affected by the issue described in this article and they create a malicious server application that behaves identically to a 1Password server

An attacker in this scenario can get additional information about the activities you perform in your 1Password account. At a technical level, the attacker is able to inspect the contents of encrypted requests your 1Password app or integration sends to the server. Encrypted request contents can include email addresses of family or team members if you share vaults with them, billing information or security settings, and various other information in your 1Password account.

The attacker cannot see secrets saved in 1Password, or attributes (such as the vault name) you view or edit, because they’re encrypted with another mechanism that only allows you to read them. Furthermore, the attacker in this scenario is not able to manipulate encrypted request contents, only observe them. This is because in the described scenario, the attacker is unable to authenticate with 1Password.com on your behalf.

Learn how 1Password encrypts your data, protects your privacy, and safeguards your information in the 1Password Security Design White Paper.

Commentary

We designed 1Password to protect you even if you can’t trust your network. While this issue only applies to very specific circumstances, we have failed to meet our goal of keeping your data safe. For that, we apologize.

Due to an implementation choice in our version of Secure Remote Password (SRP), we weakened an important layer of security in the way we set up network connections. That’s due to a historical deviation from standard SRP we’ve made in all our apps and integrations. As a result, the vulnerability is unique to 1Password’s way of using SRP. We are quite disappointed that this deviation from standard SRP turns out to be a weakness. Because our business is password management, we pride ourselves in being correct and rigorous in our cryptography protocols. In this case, we haven’t been.

Although we’re disappointed, we’re very happy that Cure53 informed us about the issue. We’ve been working with Cure53 for years, and their feedback has always been tremendously valuable to us and has made our products better and more secure. We’ve mitigated the identified issue to protect the 1Password apps and integrations from this vulnerability, and you can update to a newer version of 1Password to fix the issue on your devices. Moreover, we intend to remove our historical quirk completely, and in the future move to a different password-based authenticated key exchange (PAKE) mechanism altogether.