Jump to content

Potential Issue with New Browser Extension


Beau P.
 Share

Recommended Posts

I got an alert on database usage for Passwordstate and found that the database was maxed out for nearly an hour. I checked the audit logs and saw that a single user's browser extension retrieved a password to form fill nearly 20,000 times over the course of ~45 minutes. I checked with the user and they said they just logged in to the site as normal and didn't notice anything out of the ordinary happening.

 

Any ideas on what could have happened?

Link to comment
Share on other sites

Hi Beau,

 

We're sorry you're seeing this issue, and we're not really sure of the cause as we have not seen this ourselves - or had any other reports of this.

Can you confirm you're not using the Beta extension, but instead build 8792? If so, do you know if this is site specific and reproducible? If it is, can you let us know the URL for the site so we can do some testing?

Regards

Click Studios

Link to comment
Share on other sites

Yes, 8792 is the build of the extension. We never used the beta version.

This one instance was specific to one site. I tried to have the user follow the steps they took but was unable to reproduce it. 

 

I'll keep an eye out and see if it happens again. Are there any logs or any information I could provide that would help?

Link to comment
Share on other sites

Hello,

 

We had this happen again yesterday.

10:07 am to 11:31 am there were ~32k requests to retrieve a password from the browser extension.

 

Beau P. (****) retrieved the Password record 'www.tradingview.com' (UserName = *************) from the Password List 'Private Passwords' to form fill the web site https://www.tradingview.com/chart/.

I had that website open in a separate browser window and it was minimized.

 

I was able to reproduce it today by visiting that page. In just a few seconds I had over 3000 requests from the browser extension.image.png.d41b2a3ef8d75c03fce4f92032171e1c.png

I think you have to sign in then sign out again while still on that page (the sign in is in the top left corner drop-down menu)

Anyway, the thousands of requests coming through each minute are killing our server and database.

Link to comment
Share on other sites

Hi Beau,

 

I did create my own account for this site, and did notice during this account creation process that about 30 records where added. But since then, and it doesn't matter what I do in the UI, I cannot reproduce this unfortunately.

Can you see if you can reproduce this in Incognito mode with our extension enabled, to see if possibly there is some sort of interaction happening between extensions? Are you

Or, if you can reproduce this consistently, can you add this URL to the 'Ignored URLs' on the screen Administration -> Browser Extensions settings, to see if that will help - this is only a work around until we can reproduce the issue ourselves. You will need to log out of your extension after adding this, and then log back into Passwordstate to configure your extension again.

Regards

Click Studios

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...