AgileBits 1Password 6.3.3 Multiple Vulnerabilities

Medium Nessus Plugin ID 100955


A password management application installed on the remote host is affected by multiple vulnerabilities.


The version of AgileBits 1Password installed on the remote Windows host is equal to or prior to 6.3.3. It is, therefore, affected by multiple vulnerabilities:

- A security weakness exists in the internal web browser in which the default protocol that is used is set to HTTP. If a user visits a website without specifying the full URL, the more secure HTTPS protocol will not be used even if it is available. A man-in-the-middle attacker can exploit this to disclose sensitive information. (SIK-2016-039)

- A security weakness exists in the database of the password manager due to lack of encryption for titles and URLs. An attacker who is able to obtain a copy of the encrypted database can exploit this to disclose the websites for which the user has stored credentials without having to break the cryptography. (SIK-2016-040)

- A security weakness exists in the password manager because it sends the target domain to the vendor's web server to fetch, from a server-side cache, an icon that represents the respective target website. This issue allows the vendor to track all the sites for which the user has created database entries. (SIK-2016-042)


Upgrade to a version of AgileBits 1Password that is later than 6.3.3.

Plugin Details

Severity: Medium

ID: 100955

File Name: agilebits_1password_multiple_vulns_01.nasl

Version: $Revision: 1.1 $

Type: local

Agent: windows

Family: Windows

Published: 2017/06/21

Modified: 2017/06/21

Dependencies: 100959

Risk Information

Risk Factor: Medium


Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N


Base Score: 4.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability Information

CPE: cpe:/a:agilebits:1password

Required KB Items: installed_sw/1Password, SMB/Registry/Enumerated

Patch Publication Date: 2016/09/27

Vulnerability Publication Date: 2016/09/27