CVE-2023-47131
📋 TL;DR
The N-able PassPortal Chrome extension before version 3.29.2 writes sensitive information to log files, potentially exposing credentials or other confidential data. This affects users of the vulnerable extension version who have the extension installed in Chrome.
💻 Affected Systems
- N-able PassPortal Chrome Extension
⚠️ Risk & Real-World Impact
Worst Case
Attackers with access to log files could extract passwords, API keys, or other sensitive authentication data, leading to account compromise and unauthorized access to protected systems.
Likely Case
Local users or malware on the system could read log files containing sensitive information, potentially enabling credential theft or data exposure.
If Mitigated
With proper file permissions and log monitoring, unauthorized access to log files would be prevented, limiting exposure.
🎯 Exploit Status
Exploitation requires access to log files, which may be protected by file permissions. No authentication bypass is needed to read already-written logs.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.29.2
Vendor Advisory: https://me.n-able.com/s/security-advisory/aArHs000000M8CCKA0/cve202347131-passportal-browser-extension-logs-sensitive-data
Restart Required: No
Instructions:
1. Open Chrome browser.
2. Go to chrome://extensions/.
3. Find N-able PassPortal extension.
4. Ensure version is 3.29.2 or higher.
5. If older, update via Chrome Web Store or remove and reinstall.
🔧 Temporary Workarounds
Remove vulnerable extension
Platform: all. Uninstall the vulnerable extension until a patched version is available.
chrome://extensions/ → Remove N-able PassPortal extension
Restrict log file permissions
Platform: Linux/Windows. Set restrictive permissions on Chrome log directories to prevent unauthorized access.
chmod 600 ~/.config/google-chrome/*.log (Linux)
icacls "%LOCALAPPDATA%\Google\Chrome\User Data\*.log" /deny Everyone:(R) (Windows)
🧯 If You Can't Patch
- Disable or remove the N-able PassPortal Chrome extension immediately.
- Implement strict file permissions on Chrome log directories and monitor for unauthorized access attempts.
🔍 How to Verify
Check if Vulnerable:
Check Chrome extension version: chrome://extensions/ → Find N-able PassPortal → Check version number.
Check Version:
chrome://extensions/ (manual check in browser)
Verify Fix Applied:
Confirm extension version is 3.29.2 or higher in chrome://extensions/.
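The manual version check can be scripted for machines where opening chrome://extensions/ on each profile is impractical. The following is an added example, not code from N-able or from the original advisory: it walks a Chrome profile's Extensions directory (for example `~/.config/google-chrome/Default/Extensions` on Linux) and reports installed copies older than 3.29.2. Matching on the manifest name containing "passportal" is an assumption, and the extension IDs in the demo are constructed.

```python
import json
import tempfile
from pathlib import Path

FIXED = (3, 29, 2, 0)  # first fixed release per the advisory: 3.29.2

def parse_version(text):
    """Chrome extension versions are 1-4 dot-separated integers."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def find_vulnerable(extensions_root, name_hint="passportal"):
    """Return (extension_id, version) for installed copies older than FIXED.

    Layout: <root>/<extension id>/<version dir>/manifest.json.
    name_hint is an assumption: a manifest whose name is a localized
    __MSG_...__ placeholder will not match and needs an ID-based check.
    """
    hits = []
    for manifest in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            version = parse_version(data["version"])
            name = str(data.get("name", "")).lower()
        except (OSError, ValueError, KeyError, TypeError, AttributeError):
            continue  # unreadable or malformed manifest: skip, do not crash
        if name_hint in name and version < FIXED:
            hits.append((manifest.parent.parent.name, data["version"]))
    return hits

def demo():
    """Build a constructed Extensions tree in a temp dir and scan it."""
    samples = {  # constructed IDs and manifests, not real extension IDs
        "aaaaconstructedid": ("3.28.0_0", {"name": "N-able Passportal", "version": "3.28.0"}),
        "bbbbconstructedid": ("3.29.2_0", {"name": "N-able Passportal", "version": "3.29.2"}),
        "ccccconstructedid": ("1.0_0", {"name": "Other Extension", "version": "1.0"}),
    }
    with tempfile.TemporaryDirectory() as root:
        for ext_id, (vdir, manifest) in samples.items():
            d = Path(root, ext_id, vdir)
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return find_vulnerable(root)

if __name__ == "__main__":
    print(demo())
```

An empty result only means no name-matched copy below 3.29.2 was found in that directory; each Chrome profile has its own Extensions directory and must be scanned separately.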
📡 Detection & Monitoring
Log Indicators:
- Sensitive strings (passwords, tokens) appearing in Chrome extension log files
- Unauthorized access attempts to Chrome log directories
Network Indicators:
- None - this is a local information disclosure vulnerability
SIEM Query:
Search for file access events to Chrome log paths containing sensitive strings or from unauthorized users.