2

Suppose we have sensitive information stored in plaintext within a dm-crypt/VeraCrypt encrypted file and this information is copy-and-pasted by a user into a web browser after decrypting (this could for example be account recovery questions).

If the user is not using a clipboard manager, where (if at all) are the logs for his/her copy-and-paste data stored? In particular how are those cleared and what attacks/threats is such an approach to information management susceptible to?

I'm sorry if this is a rather trivial question.

EDIT: Does highlighting text and drag-and-dropping it into an online form pose the same kind of threat? Note that this doesn't reproduce the text upon trying to 'paste'.

suarko
  • For clarity, does the source of the data really matter with regard to the question? Or is it just about clipboard functionality and vulnerability? – AlexH Jan 05 '16 at 10:31
  • In essence no, we can assume the data is stored securely and decrypted for a short period of use. What measures can be implemented to address the safe copying of information during this time? – suarko Jan 05 '16 at 10:51
  • These two answers, while a little old, may be of help: http://security.stackexchange.com/questions/33428/is-a-password-in-the-clipboard-vulnerable-to-attacks http://security.stackexchange.com/questions/2647/is-clipboard-secure – AlexH Jan 05 '16 at 11:26
  • Consider if anything prior to the decryption matters, I don't believe it does thus the source provides no protection. If a user is moving plain text between processes of an OS then the paste buffer of the OS is used (and seldom cleared) plus the browser paste buffer API is engaged. Sensitive plain text is dribbled about with a feature set not designed to secure that data. AlexH comment and answer below suggest the problems from that point on. – zedman9991 Jan 05 '16 at 17:36
  • @zedman9991 If the history, cache etc of the browser is immediately cleared after, what approaches exist to clear the browser paste buffer and also how does one go about clearing the OS buffer? If this is insufficient to clear remains of the data how can one directly transfer information from a text file to a form within a browser securely? – suarko Jan 05 '16 at 21:31
  • AlexH's references provide the answer. Sadly it's not the one for which you hope. The OS (each differently) has many processes interacting and sharing data and access, including access to the paste buffer. This is not a simple action of clearing a single OS buffer. In times past Adobe manhandled the shared OS paste buffer to aid in making their PDF reader read-only (preventing cut-and-paste access by filling the paste buffer even though the app did not let the user access it). That action can have unintended consequences for other programs (all should play friendly with shared resources). – zedman9991 Jan 05 '16 at 21:57
  • @zedman9991 That makes more sense now, thanks for clarifying! I was just wondering now, having read a little about Xdnd drag-and-dropping, if an attacker has access to traces of text transfer between windows can we essentially assume that the system has been compromised and there are better methods for sniffing passwords than retrieving them in this way? – suarko Jan 05 '16 at 23:28
  • If the attacker has privileged access there are many paths to exploitation. As you suggest, this one would probably be much less reliable than others as it requires the user to act in a specific fashion at an unspecified time. My guess is such an attacker would be focused on keylogging or unencrypted interprocess communications related to authentication. – zedman9991 Jan 06 '16 at 13:53

1 Answer

1

The browser itself might store the information locally in what they call form suggestion for auto completion. For example, type in your address when you buy something and Google Chrome will suggest prefilling that address from then on in any Ship To: form of every site. Some browsers play nice and will not store auto completion for forms marked with the password field; however, they will offer the option of storing your password locally (and remotely on the company's server if Google Chrome or Safari). As for where you can find it, it's usually a small SQLite database file in either ~/.config or your User account folder (if Windows).

user283885
  • Assuming all autocomplete, history etc is cleared from within the browser and no passwords are stored by it, how does one clear the buffer at an OS level - in my case Debian? Where does Debian store these traces if clipman isn't used? – suarko Jan 05 '16 at 21:34
  • It depends on your desktop and how it implements the clipboard functionality. For example KDE appends a file in ./config. Either way it has to be stored locally in your home directory because it's a user-specific feature. Also, if you copy from the terminal, type history and see if bash didn't store it as well. Same thing: bash history is local in the user's folder in ./.bash_history – user283885 Jan 06 '16 at 16:38
  • By unix philosophy all user-specific settings have to be stored in said user's home folder, usually in a . . Note, . in front of a name means hidden file in unix mentality. Your desktop probably has a .config/kde (or whatever desktop you use) folder in your home directory where it keeps everything, from language and keyboard mappings to icon positions and clipboard settings. – user283885 Jan 06 '16 at 21:35
  • Ah forgot to tell you, have a look at http://bleachbit.sourceforge.net/. It has features to clean up history, browser and clipboard all in one, and since it's open source, you can study what files and folders they are looking at for potential cleanup. – user283885 Jan 07 '16 at 15:52
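
An added example, not part of the original thread: a way to check whether a string you pasted into a form has been persisted in any of the SQLite files the answer describes under ~/.config. It relies on no particular browser's schema and searches every column of every table; the function names `search_db` and `scan` are illustrative, not from any tool mentioned above.

```python
import getpass
import os
import sqlite3
from pathlib import Path

COUNT_SQL = 'SELECT COUNT(*) FROM "{t}" WHERE instr(CAST("{c}" AS TEXT), ?) > 0'

def search_db(path, needle):
    """Return [(table, column, matching_rows)] for one database, opened read-only."""
    hits = []
    con = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:
            t = table.replace('"', '""')  # quote identifiers safely
            try:
                cols = [r[1] for r in con.execute(f'PRAGMA table_info("{t}")')]
                for col in cols:
                    sql = COUNT_SQL.format(t=t, c=col.replace('"', '""'))
                    n = con.execute(sql, (needle,)).fetchone()[0]
                    if n:
                        hits.append((table, col, n))
            except sqlite3.Error:
                continue  # e.g. a virtual table whose module is not loaded
    finally:
        con.close()
    return hits

def scan(root, needle):
    """Map every SQLite file under root that contains needle to its hits."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):
                continue  # skip sockets, FIFOs and broken symlinks
            try:
                hits = search_db(path, needle)
            except sqlite3.Error:
                continue  # not a database, or locked by a running browser
            if hits:
                found[path] = hits
    return found

if __name__ == "__main__":
    # Prompt instead of using argv so the text does not land in shell history
    needle = getpass.getpass("Text to look for: ")
    for path, hits in scan(os.path.expanduser("~/.config"), needle).items():
        print(path, hits)
```

Close the browser before running it, since a database locked by a running browser is skipped rather than searched. The match is case-sensitive and only sees values stored as plain text.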