I really wish I could restrict CLI access to 1Password per vault (or even per item).
When I briefly tried Kamal, it made me very uncomfortable for a script to ask for access to my entire 1Password - every login, credit card, etc. While I do not think Kamal is malicious, in the context of all the constant supply chain attacks, saying yes to anything like that seems extremely irresponsible.
This seems like an area where there'd be obvious value in applying the principle of least privilege, so I was surprised when I couldn't find any granularity to the CLI permissions in 1Password.
This is the takeaway from this disclosure. Everyone using op should create a service account and expose only the secrets that need access via the CLI. That greatly decreases the attack surface.
CLI tools have weaker security models than their GUI counterparts bc the assumption is usually that if you have terminal access, you already have elevated privileges.
But in shared environments or CI/CD pipelines, this doesn’t work. And the credential exposure through process lists is pretty bad.
This "vulnerability" is actually just a standard warning to not run untrusted software on your machine. In this case the attacker can leverage a commandline program to read your unlocked password vault, but without that he'd still be able to steal any user owned files on your machine and access your bank through your browser to steal your money.
"It rather involved being on the other side of this airtight hatchway."
To an extent, in that once you've unlocked your vault you now have access to it without having to type a password every time (convenience). Of course, the implications of this are far worse, in that you've now sent me (the hacker) all credentials in your vault. I'd say this has less to do with a password manager and more to do with using MFA so that the credentials alone are worthless.
Sidenote, but nice to see a few more Codeberg links popping up instead of the ubiquitous GitHub. Maybe we’re decentralising a little more in this area.
> This investigation took a while, and I waited a while before publishing this disclosure (life circumstances and giving 1Password time to fix the issue).
Sounds like the person really came from a supportive place and hoped things would get sorted out. And had life intervene along the way maybe.
If someone has arbitrary code execution on your machine as your user, then of course they can access things your user can access.
They could just as easily keylog your password, or replace the onepassword-cli binary with one that exfiltrates data, or steal your browser cookie to get into your email account and use that to hijack recovery flows...
To limit the attack surface here, maybe follow the permissions model on macOS, access a credential = TouchID/Password each time, just limiting dependencies, still leaves a large attack surface of accessing everything if an attacker is able to find a route through, that’s what they’re looking for is everything right there, somehow some way.
When I execute code on your machine, you are lost. Simply like that.
Don't store important passwords on your machine in a single point of failure. It's safer to store them unencrypted in a wrong named textfile than on the place where everyone will look automacially at first.
But more secury is it to NOT store them at all on your machine.
I’m surprised the CLI doesn’t asked permission for each program trying to access it, when using their SSH agent I get a popup for any program (then it unlock that key for that program until session ends).
People dismissing this vulnerability miss the point of a password manager which is to protect in such scenario where code gets executed on a machine but at least the data is encrypted, of course in that scenario the attacker can get access to the plain text env variables anyway that the developers has on their machine but at least it is not ALL of your credentials like in this case.
Service Account can limit the blast radius BUT you’ll end up saving that API token in your env anyway giving access to anyone executing malicious code…
Using their CLI is dangerous if they haven’t done anything to protect in this scenario. Did they have any comments in that vulnerability and how they want to mitigate it?
Why not simply return the value of the requested items and that’s it? Why unlock everything in a CLI scenario, surely the most common case is simply grabbing a single item like a .env for a project and that’s it.
I believe the CLI _does_ ask permission for each program trying to access it. The author's example includes a malicious vscode extension abusing the fact that he intentionally granted vscode permission to access the vault for one purpose and then a malicious extension leveraged that access to retrieve information through the op cli.
1Password used to be good 10 years ago, but not anymore. A couple of days ago, there was a post about Electron based apps that slow down macOS Tahoe (due to older versions of Electron using an undocumented API). When I ran the script on my laptop, 1Password was on the top of the list.
> 1Password.app: Electron 37.3.1 (Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework)
Edit: Judging by the downvotes, it looks like there are a lot of electron lovers here. Why the hate for more efficient native apps? Are bloated binaries, janky UI and lower battery life, features? :)
I guess you're being downvoted because you've just now realized that 1password is electron-based and you're using that discovery it to retro-actively confirm your pre-existing bias that electron = bad.
If electron was actually always bad, you wouldn't need a script to scan your machine and tell you which apps to hate, you'd just know "yep that's slop" upon first opening the app. Yet that is not the case. Because electron is a tool, and it's sometimes used so well that you don't even notice it until you run a script.
troad|4 months ago
When I briefly tried Kamal, it made me very uncomfortable for a script to ask for access to my entire 1Password - every login, credit card, etc. While I do not think Kamal is malicious, in the context of all the constant supply chain attacks, saying yes to anything like that seems extremely irresponsible.
This seems like an area where there'd be obvious value in applying the principle of least privilege, so I was surprised when I couldn't find any granularity to the CLI permissions in 1Password.
e40|4 months ago
selinkocalar|4 months ago
But in shared environments or CI/CD pipelines, this doesn’t work. And the credential exposure through process lists is pretty bad.
conception|4 months ago
hollow-moe|4 months ago
delusional|4 months ago
This "vulnerability" is actually just a standard warning to not run untrusted software on your machine. In this case the attacker can leverage a commandline program to read your unlocked password vault, but without that he'd still be able to steal any user owned files on your machine and access your bank through your browser to steal your money.
"It rather involved being on the other side of this airtight hatchway."
kachapopopow|4 months ago
but yah, you're right it's a very low-risk attack.
damaya1982|4 months ago
robin_reala|4 months ago
e40|4 months ago
I’m confused why this is just be publicly disclosed. It’s been known for 2 years!
alwa|4 months ago
Sounds like the person really came from a supportive place and hoped things would get sorted out. And had life intervene along the way maybe.
TheDong|4 months ago
If someone has arbitrary code execution on your machine as your user, then of course they can access things your user can access.
They could just as easily keylog your password, or replace the onepassword-cli binary with one that exfiltrates data, or steal your browser cookie to get into your email account and use that to hijack recovery flows...
RainyDayTmrw|4 months ago
zghst|4 months ago
krater23|4 months ago
Don't store important passwords on your machine in a single point of failure. It's safer to store them unencrypted in a wrong named textfile than on the place where everyone will look automacially at first. But more secury is it to NOT store them at all on your machine.
lucasqueiroz|4 months ago
jen729w|4 months ago
[deleted]
unknown|4 months ago
[deleted]
starburst|4 months ago
People dismissing this vulnerability miss the point of a password manager which is to protect in such scenario where code gets executed on a machine but at least the data is encrypted, of course in that scenario the attacker can get access to the plain text env variables anyway that the developers has on their machine but at least it is not ALL of your credentials like in this case.
Service Account can limit the blast radius BUT you’ll end up saving that API token in your env anyway giving access to anyone executing malicious code…
Using their CLI is dangerous if they haven’t done anything to protect in this scenario. Did they have any comments in that vulnerability and how they want to mitigate it?
Why not simply return the value of the requested items and that’s it? Why unlock everything in a CLI scenario, surely the most common case is simply grabbing a single item like a .env for a project and that’s it.
InitialBP|4 months ago
unknown|4 months ago
[deleted]
oulipo2|4 months ago
manchicken|4 months ago
e40|4 months ago
jen729w|4 months ago
[deleted]
alwa|4 months ago
woadwarrior01|4 months ago
> 1Password.app: Electron 37.3.1 (Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework)
[1]: https://news.ycombinator.com/item?id=45437112
Edit: Judging by the downvotes, it looks like there are a lot of electron lovers here. Why the hate for more efficient native apps? Are bloated binaries, janky UI and lower battery life, features? :)
daveoc64|4 months ago
Hawxy|4 months ago
cedws|4 months ago
zatertip|4 months ago
tredre3|4 months ago
If electron was actually always bad, you wouldn't need a script to scan your machine and tell you which apps to hate, you'd just know "yep that's slop" upon first opening the app. Yet that is not the case. Because electron is a tool, and it's sometimes used so well that you don't even notice it until you run a script.