Browser Extension Vulnerability Report

A security bug was found and fixed in the FlowCrypt Browser Extension.

Affected users: 25

Time from discovery to fix: 1 day

Severity: Medium (USD 1 000 reward for reporting user - Chris Baker)

Timeline:

  • May 11: The issue was introduced in our code base
  • May 15-20: Version 6.7.9 containing the faulty code was released
  • July 31: The user discovers the vulnerability and notifies us
  • July 31: We confirm the issue
  • July 31: We take early steps to mitigate the issue
  • Aug 1: We find and fix the issue in our code
  • Aug 1: The fixed extension is released as version 6.9.3
  • Aug 1: We sent the user a bug bounty for the discovery
  • Aug 7: Notifying affected users
  • Sep 5: This public statement

Details:

  • Between May 15 and Aug 1
  • When manually updating the private key in FlowCrypt SettingsAdditional SettingsPublic KeyPrivate key for {your email}update.
  • Users were prompted: “Public and private key updated locally. Update public records with new public key?”
  • If a user clicked “OK”, the software would wrongly submit their encrypted private key instead of their public key to our public key servers.
  • Our servers didn’t proactively check if the submitted keys have any private material, and stored them.
  • This encrypted private key was then later publicly accessible at flowcrypt.com/lookup where normally public keys are.

Aftermath:

  • We found and deleted 25 encrypted private keys from our servers.
  • We found and fixed the source issue. The actual code patch is available at the FlowCrypt GitHub repo.
  • We ensured that our servers examine incoming keys to make sure they don’t contain private material. Going forward, such keys will be rejected instead of storing them.

What would need to happen for your message content to get exposed:

  • You’d need to be one of the 25 affected users.
  • An attacker would need to download your encrypted private key from our servers in the time period it was available.
  • An attacker would need to also have your passphrase.
  • An attacker would need to also have access to one of your encrypted messages (e.g. hack into your inbox or one of your recipient’s inboxes).

All affected users were notified about this by email. While this vulnerability alone couldn’t cause your encrypted content to be exposed, it lowered the security of your private key which protects them, if you were one of the affected users. If you haven’t received an email from us about this, you were not one of the affected users.

To further improve the security of our software, we’ll:

  • Soon announce a security bounty program with rewards ranging up to EUR 5 000 per report.
  • Review our internal security practices to look for improvements in our development process, code reviews, and testing.
  • Hire an external security firm to go through all of our source code and look for security issues.