CVE-2020-10256

9.8 CRITICAL

📋 TL;DR

This vulnerability affects beta versions of 1Password's command-line tool and SCIM bridge, where an insecure random number generator was used to create encryption keys. Attackers with access to encrypted data could brute-force these keys to decrypt sensitive information. Users of affected beta versions are at risk.

💻 Affected Systems

Products:
  • 1Password command-line tool
  • 1Password SCIM bridge
Versions: Command-line tool: beta versions prior to 0.5.5; SCIM bridge: beta versions prior to 0.7.3
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects beta versions; stable releases are not vulnerable. The vulnerability exists in the key generation mechanism.

📦 What is this software?

1Password is a password manager. The affected components are its command-line tool (`op`), which gives scripts and administrators access to vault data, and the SCIM bridge, which provisions users and groups from an identity provider into a 1Password account. Both are published in beta channels alongside the stable releases.
⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete decryption of all encrypted 1Password data, exposing passwords, secure notes, and other sensitive credentials stored in affected systems.

🟠 Likely Case

Targeted decryption of specific encrypted data by attackers who have already gained access to the encrypted files or network traffic.

🟢 If Mitigated

Minimal impact if systems are patched before attackers gain access to encrypted data.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires prior access to the encrypted data (files or captured traffic) and enough computational resources to brute-force the weakly generated key.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Command-line tool: 0.5.5 or later; SCIM bridge: 0.7.3 or later

Vendor Advisory: https://support.1password.com/kb/202010/

Restart Required: Yes

Instructions:

1. Update the 1Password command-line tool to version 0.5.5 or later.
2. Update the 1Password SCIM bridge to version 0.7.3 or later.
3. Restart affected services after updating.

🔧 Temporary Workarounds

Disable affected beta software (applies to: all)

Remove or disable vulnerable beta versions of the 1Password command-line tool and SCIM bridge until patched.

sudo systemctl stop 1password-scim      # service name depends on how the bridge was deployed
sudo apt remove 1password-cli-beta      # package name depends on the install method used

🧯 If You Can't Patch

  • Migrate to stable releases of 1Password software instead of beta versions.
  • Isolate systems running vulnerable versions from network access and monitor for unauthorized data access.

🔍 How to Verify

Check if Vulnerable:

Check the installed versions: run 'op --version' for the command-line tool, and look up the SCIM bridge version in its configuration. Compare the dotted version numbers component by component (0.5.10 is newer than 0.5.5), not as plain strings.

Check Version:

op --version

Verify Fix Applied:

Confirm versions: command-line tool should be 0.5.5+, SCIM bridge should be 0.7.3+.
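The following script is an added example for the verification steps above; it is not part of the advisory or of 1Password's own tooling. It compares dotted version strings numerically rather than lexically, so 0.5.10 is correctly treated as newer than 0.5.5, and it assumes that `op --version` prints the version number on its first line of output (an assumption about the beta CLI's output format). The SCIM bridge has no command here because the advisory only says to read its version from configuration, so its check takes the version string as an argument.

```shell
#!/bin/sh
# Added example (not from the advisory): numeric version comparison for the
# CVE-2020-10256 fix thresholds. Works in POSIX sh.

# Fixed versions stated in the advisory
CLI_FIXED="0.5.5"
SCIM_FIXED="0.7.3"

# version_lt A B -> exit status 0 if A < B, comparing each dotted component
# as an integer. A leading "v" and suffixes such as "-beta" are ignored.
version_lt() {
    a="${1#v}"; b="${2#v}"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        # drop anything after the first non-digit, then default to 0
        ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"
        ai="${ai:-0}"; bi="${bi:-0}"
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
    done
    return 1   # equal
}

# cli_vulnerable VERSION  -> 0 if the CLI version is below 0.5.5
cli_vulnerable()  { version_lt "$1" "$CLI_FIXED"; }
# scim_vulnerable VERSION -> 0 if the SCIM bridge version is below 0.7.3
scim_vulnerable() { version_lt "$1" "$SCIM_FIXED"; }

# check_installed_cli: queries the local `op` binary (assumed to print its
# version on the first output line) and reports. Exit 0 = fixed, 1 =
# vulnerable, 2 = op not installed.
check_installed_cli() {
    if ! command -v op >/dev/null 2>&1; then
        echo "op not found on PATH; nothing to check"
        return 2
    fi
    v="$(op --version 2>/dev/null | head -n1 | tr -d '[:space:]')"
    if cli_vulnerable "$v"; then
        echo "1Password CLI $v is below $CLI_FIXED: VULNERABLE (CVE-2020-10256)"
        return 1
    fi
    echo "1Password CLI $v is $CLI_FIXED or later: not affected"
    return 0
}

# When invoked as `sh check_op.sh --check`, test the local installation.
if [ "$#" -gt 0 ] && [ "$1" = "--check" ]; then
    check_installed_cli
    exit $?
fi
```

Run it with `sh check_op.sh --check` on a host with the CLI installed; for the SCIM bridge, source the file and call `scim_vulnerable "<version from config>"` and inspect the exit status.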

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to encrypted 1Password data files
  • Failed decryption attempts in logs

Network Indicators:

  • Suspicious outbound connections from systems running vulnerable versions

SIEM Query:

source="1password" AND ((version="0.5.*" AND version<"0.5.5") OR (version="0.7.*" AND version<"0.7.3"))

Note: this query compares versions as strings, so it only flags the listed minor series and would misorder two-digit patch numbers; treat any hit as a prompt to confirm the version by hand.
