Buttercup Browser Extension Improper Access Control Vulnerability Allowing Password Retrieval
Vulnerability
The Buttercup browser extension for Chrome, in versions through 0.14.2, lets any web page access the user's password store without permission. The cause is improper access control, and the issue is remotely exploitable. Exploitation is complex and requires user interaction, but a public exploit is available. The vulnerability is tracked as CVE-2017-20199 and classified under CWE-284 (Improper Access Control).
Impact
Exploitation gives unauthorized access to the user's password vault, with the potential to retrieve plaintext passwords. This is a significant breach of confidentiality, since it exposes the sensitive credentials stored in the password manager.
Reproduction
To reproduce this vulnerability, install the affected version of the Buttercup browser extension for Chrome. Once installed, any web page can query the password store by injecting a hidden form element into the page. This form can be automated to retrieve passwords by simulating user interactions, such as mouse movements and clicks. The injected form is not visible to the user, allowing the attack to go unnoticed.
Remediation
Users can upgrade to Buttercup Browser Extension version 1.0.1 to address this vulnerability.
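For extension authors, the hidden form and simulated interactions described under Reproduction suggest two checks before a page event is allowed to trigger a vault lookup. The sketch below is an added example, not Buttercup's code and not a description of the 1.0.1 fix; the function names, thresholds and sample objects are assumptions, with plain objects standing in for getComputedStyle() and getBoundingClientRect() results so it runs outside a browser.

```javascript
// Added example: hypothetical guard for a password-manager content script.
// Names, thresholds and sample data are illustrative, not from Buttercup.
const VIEWPORT = { width: 1280, height: 720 }; // constructed viewport size

// Reason a computed style hides an element, or null if it does not.
function styleHides(style) {
  if (style.display === "none") return "display:none";
  if (style.visibility !== "visible") return "visibility:" + style.visibility;
  if (parseFloat(style.opacity) < 0.1) return "near-transparent";
  return null;
}

// Reason a bounding rect makes a field unusable by a human, or null.
function rectHides(rect, viewport) {
  if (rect.width < 4 || rect.height < 4) return "too small to see";
  const off = rect.right <= 0 || rect.bottom <= 0 ||
    rect.left >= viewport.width || rect.top >= viewport.height;
  return off ? "off-screen" : null;
}

// Decide whether `event` on `field` may trigger a vault lookup.
function mayQueryVault(event, field, ancestors, viewport) {
  // Events made by page script (dispatchEvent, el.click()) have isTrusted false.
  if (event.isTrusted !== true) return { allow: false, reason: "synthetic event" };
  const why = styleHides(field.style) || rectHides(field.rect, viewport) ||
    ancestors.map((a) => styleHides(a.style)).find(Boolean);
  return why ? { allow: false, reason: why } : { allow: true, reason: "ok" };
}

// Constructed sample inputs.
const shown = { display: "block", visibility: "visible", opacity: "1" };
const loginField = { style: shown,
  rect: { left: 400, top: 300, right: 640, bottom: 330, width: 240, height: 30 } };
const injectedField = { style: shown,
  rect: { left: -5000, top: 0, right: -4760, bottom: 30, width: 240, height: 30 } };
const fadedForm = { style: { ...shown, opacity: "0" } };

function demo() {
  return [
    mayQueryVault({ isTrusted: true }, loginField, [], VIEWPORT).reason,
    mayQueryVault({ isTrusted: false }, loginField, [], VIEWPORT).reason,
    mayQueryVault({ isTrusted: true }, injectedField, [], VIEWPORT).reason,
    mayQueryVault({ isTrusted: true }, loginField, [fadedForm], VIEWPORT).reason,
  ];
}
console.log(demo());
```

A trusted event on a visible field is still only a heuristic, so a check like this complements, and does not replace, restricting which pages and messages the extension will answer at all.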
