Trust No Program

Can't get LastPass plugin to autologin / remember password

Please post your problem description here

Can't get LastPass plugin to autologin / remember password

Postby BUN B » Thu Mar 08, 2012 11:32 pm

Hello,

I have problem with LastPass plugin in the browser.
I've tried everything.

When I install LastPass plugin, and start the IE8 through Sandboxie, I login and enter info, and set the LastPass to login 1min after the IE is closed.
I empty the Sandbox, and start the IE8 sandboxed again, and it won't auto login.

Then, I've tried the above, but with first running un-sandboxed ie, entering info, closing it, then running it through sandbox, it won't login.

Then, I've tried in un-sandboxed IE8 to turn off Protected Mode, then loged in, closed the browser, and then started it again but this time through sandboxie.

Now it will login (i've had it setup to logout after 1 min of closing browser).
Now I've closed the browser, and waited 10minute, to see when I start it again sandboxed, will it login or not.

It didnot login, which is what it had been told.
But, upon running it sandboxed, I loged in, emptied the sandboxed and started it again sandboxed, and it wouldn't login.


Please, give me some kind of solution.
I've tried all of this settings with IE8.
I've tried also IE9, but now so intensively.
I've tried it with firefox, but also not so indepth like with Ie8.

If someone has correct settings for Sandboxie to wrok with Ie8, Ie9 and Firefox 10, I'll be grateful.

All I want, is to being able to set lastpass, to logout, 1min after the Sandbox has been emptied.
And the next time I start browser through sandbox, that I enter username and password and that it logs in.

Please help!

Bun

--------------

This has been tried with:

Sandboxie:
3.46 x64
3.64 x64

Browsers:
IE8 x64
IE9 x64
Firefox 10.0.2 x32
BUN B
 

Postby Guest10 » Fri Mar 09, 2012 9:14 pm

Most problems about sandboxed programs forgetting their settings are due to the fact the information isn't being saved outside of the sandbox.
At least, that's the case if the sandbox contents are deleted between uses.
LastPass does save information to a local hard drive folder, from what I can see.
That location though, may not be set correctly for you in Sandboxie's LastPass template.

Also, I'm wondering if the problem is that LastPass was not detected by Sandboxie Control.
This is a small test, if you would follow these steps in this order:
Open Sandboxie Control's window and click on:
Configure > Edit Configuration
Look under the section "[GlobalSettings]" to see if you have listed there:
Template=LastPass
If you do then you can close the configuration window and close Sandboxie Control's window too.

If you did not see "Template=LastPass", then in Sandboxie Control's window click on:
Configure > Software Compatibility
and then you should see:
[+] LastPass
indicating that LastPass has now been detected.
OK
--
Was the "Template=LastPass" line there when you first checked it, above?

LastPass has a local folder for settings, but the location varies with the operating system and browser.
Since you are using LastPass for IE and Firefox:
Do a hard drive 'Search' for the "LastPass" folder, and list the path to it in a message here.
----
For reference only:
This list is supposed to show the local locations for the LastPass folder, but it is incorrect for XP (at least when I tried LastPass).
https://lastpass.com/support.php?cmd=showfaq&id=425

For me on XP:
C:\Documents and Settings\(user)\Local Settings\Application Data\LastPass
I would think that on Vista/Win 7 that would be equivalent to:
C:\Users\(user)\AppData\Local\LastPass
but I don't know for sure if that's the correct location for the LastPass folder.
(Both of the above would match the LastPass folder location listed in Sandboxie's LastPass template)
Paul
XP Pro SP3 (Admin), Zone Alarm Pro Firewall, Malwarebytes Pro, Firefox 28, Thunderbird 24
Guest10
 
Posts: 4744
Joined: Sun Apr 27, 2008 10:24 pm
Location: Ohio, USA

Postby Bun B » Fri Mar 09, 2012 11:50 pm

Hello Guest10,

The template line is there (in sandboxie.ini).


---



[GlobalSettings]

ProcessGroup=<InternetAccess_DefaultBox>,iexplore.exe
ForceDisableSeconds=5
Template=LastPass

--------------
And Configure - Software compatiblity has LasPass showing +


I found out that when using the yubikey, you can't have LastPass to autologin you after closing the browser, so it's usless trying to find a way to autologin after the IE has closed.

But, another problem I noticed is when I login into LastPass (ie8, un-sandboxed), and change language, close it, run sandboxed in 3.46, it shows the previous language.
Also, In Unsandboxed IE8, I go VIEW- and hide the Menu bar, run IE sandboxed, menu bar is there. How is that possible?
What should I do to have IE remember unsadboxed settings when running sandboxed. Other things like cookie control, do get remembered.

Also, i did find on my pc folder named LastPass: C:\Users\?Username?\AppData\LocalLow\LastPass


Can you help?

Thank you for taking the time to write!
Bun B
 

Postby BUN B » Sat Mar 10, 2012 12:17 am

Hello,

Also, I did notice, in Sandboxie, upon changing the Language, LastPass makes an entry in the registry:

Location: user\current_classes\local settings\muicache\30\52c64b7e

value:

en-US
en

Please help if you can!
BUN B
 

Postby Guest10 » Sat Mar 10, 2012 2:11 pm

Bun B wrote:Configure - Software compatiblity has LasPass showing +
OK. I wanted to check because when I first installed LastPass, it wasn't shown in [GlobalSettings] until I ran "Software Compatibility".
Bun B wrote:But, another problem I noticed is when I login into LastPass (ie8, un-sandboxed), and change language, close it, run sandboxed in 3.46, it shows the previous language.
Also, In Unsandboxed IE8, I go VIEW- and hide the Menu bar, run IE sandboxed, menu bar is there. How is that possible?
First, version 3.46 is getting to be quite old and you should consider installing a later version. With fixes that have been made since 3.46, that might make a difference.
If the sandbox contents have not been deleted then these old settings will be remembered, because programs will use files and Registry entries that have been saved inside the sandbox when the programs are run sandboxed, instead of reading those things from files or the Registry keys that are outside of the sandbox.
If you want settings that are made when not sandboxed, to be used the next time you run the program sandboxed, it is likely necessary that you "Delete Contents" of the sandbox first.
Bun B wrote:Also, i did find on my pc folder named LastPass: C:\Users\?Username?\AppData\LocalLow\LastPass
That path does match the path in Sandboxie's LastPass template, so IE should be able to write there to save settings.
Unfortunately, I don't know a lot about the "\AppData\LocalLow" folder, but I think that IE can only write there when it's running in Protected Mode. But Sandboxie will normally force sandboxed IE to run in non-Protected mode.
As I say, I don't know a lot about IE and Protected or Non-Protected mode, since that's not available on my XP computer.
Is there a way to somehow download your LastPass data, from your account on the LastPass server, while IE is running (unsandboxed) in non-protected mode?
Maybe it will be saved to an "AppData\Local" folder instead, and maybe that will help. (I'm just guessing about this)
Paul
XP Pro SP3 (Admin), Zone Alarm Pro Firewall, Malwarebytes Pro, Firefox 28, Thunderbird 24
Guest10
 
Posts: 4744
Joined: Sun Apr 27, 2008 10:24 pm
Location: Ohio, USA

Postby Guest10 » Sat Mar 10, 2012 2:31 pm

BUN B wrote: Also, I did notice, in Sandboxie, upon changing the Language, LastPass makes an entry in the registry:
Location: user\current_classes\local settings\muicache\30\52c64b7e
Is changing language in LastPass something that you would want to do while running a program sandboxed, and have that same language setting remembered by LastPass the next time that you run a program sandboxed or unsandboxed?
Registry key changes made by a sandboxed program are normally saved inside the sandbox, and will be used the next time that sandbox is used - unless the sandbox contents are deleted. If the contents have been deleted, then the contents of the unsandboxed Registry key will be used.

If a sandboxed program is allowed to write to a Registry Key outside of the sandbox (direct access), then the sandboxed program can save it's settings to that Registry Key in the unsandboxed Registry.
The next time that Registry key is read by an unsandboxed program, the setting that was changed by the sandboxed program will be used.
If you always use the same sandbox no matter which browser you use with it (IE8, IE9, Firefox, etc) then you could allow direct access to a Registry key in that sandbox.
If you use different sandboxes for each browser, then you would have to make a direct access setting for that Registry key for every one of those sandboxes, in order for the setting to be remembered each time you use LastPass.

I can't identify a Registry key that starts with:
user\current_classes\local settings\...
Paul
XP Pro SP3 (Admin), Zone Alarm Pro Firewall, Malwarebytes Pro, Firefox 28, Thunderbird 24
Guest10
 
Posts: 4744
Joined: Sun Apr 27, 2008 10:24 pm
Location: Ohio, USA

Postby Guest10 » Sat Mar 10, 2012 2:38 pm

Bun B wrote:[GlobalSettings]

ProcessGroup=<InternetAccess_DefaultBox>,iexplore.exe
Having this line under [GlobalSettings] isn't where Sandboxie puts things like this, now.
If you update to a later Sandboxie version, this line will be moved underneath the [DefaultBox] section of the configuration file.
Updating your Sandboxie version is recommended.
When you run the Sandboxie installer program, choose to "Overwrite (upgrade)..." your current version.

Plus, I don't know your circumstances, but for myself I would use Firefox instead of trying to deal with IE8, IE9, Protected Mode or non-Protected Mode.
Paul
XP Pro SP3 (Admin), Zone Alarm Pro Firewall, Malwarebytes Pro, Firefox 28, Thunderbird 24
Guest10
 
Posts: 4744
Joined: Sun Apr 27, 2008 10:24 pm
Location: Ohio, USA

Postby BUN B » Sat Mar 10, 2012 3:16 pm

hello

If I upgrade to latest version, and choose OWERWRITE, will I be getting the same functionallity as If I installed the latest version from scratch?

I need to know so I know if to upgrade or to install everything from scratch (system image).

Also, I've asked LastPass to give me exact directories that plugin is accessing as well as registry, so we can exclude them!

I did noticed, then when running UAC, and running IE, unsadboxed, and loggin into lastpass, changin language, closing
runnin Sandboxed IE, that it doesn't remember, unless I run IE unsandboxed and as ADMIN

IE sucks

what about security and privacy standpoint, firefox 10 vs. IE8?
BUN B
 

Postby Guest10 » Sat Mar 10, 2012 4:29 pm

BUN B wrote:If I upgrade to latest version, and choose OWERWRITE, will I be getting the same functionallity as If I installed the latest version from scratch?
Yes, the functionality will be the same and your current Sandbox Settings will be saved, and some things in your configuration file will be updated for use with the new version.
BUN B wrote:I need to know so I know if to upgrade or to install everything from scratch (system image).
You could choose to uninstall the program and remove your current settings, when you run the installer, but then you would need to reconfigure all Sandbox Settings again. If you're willing to do that, then you can do it that way.
I believe that an uninstall will recommend that you manually delete the C:\Sandbox folder, but I always do an upgrade install that preserves or updates my current settings, and that doesn't affect my sandboxes that are underneath C:\Sandbox.
BUN B wrote:IE sucks
Well, on XP I can use IE8 without worrying about protected mode, and I run as Admin anyway. All things considered, I use Firefox mainly because there are so many different extensions that I can use to customize my Firefox profiles.
I've also got Google Chrome installed, when I want to open another browser.
BUN B wrote:what about security and privacy standpoint, firefox 10 vs. IE8?
The nice thing about using Sandboxie is that it tends to even-out any security or privacy issues between the various browsers.
You can be just as safe with one as with another. It's all in what you choose to allow outside of the sandbox, and the rest of what's left inside the sandbox can be deleted.
Things like Flash cookies, or malware that you might pick up just by visiting an infected web site, will be trapped inside the sandbox - as long as you don't choose to let them out. So, from that standpoint it doesn't matter which browser you use.
Paul
XP Pro SP3 (Admin), Zone Alarm Pro Firewall, Malwarebytes Pro, Firefox 28, Thunderbird 24
Guest10
 
Posts: 4744
Joined: Sun Apr 27, 2008 10:24 pm
Location: Ohio, USA

Postby BUN B » Sat Mar 10, 2012 5:55 pm

that's exactly why I am using sandboxie...

what addons are you using with firefox, if it is not a secret?

i disable UAC
now when I set something in LastPass, and then run sandboxed IE, it rememberd

But, when I change setting in Sandboxed IE in LastPass, it doesn't remember

do you have any suggestions?
BUN B
 

Postby Guest10 » Sat Mar 10, 2012 8:18 pm

BUN B wrote:what addons are you using with firefox, if it is not a secret?
Internet surfing profile (most-used of 27 extensions):
Adblock Plus
Element Hiding Helper for Adblock Plus
deskCut
Ghostery
Greasemonkey (User Scripts: Gone Phishing; Untiny; YouTube Video Download)
Paste Email Plus
Print Edit
RSS Icon in Awesombar
SQLite Manager
TinyURL Generator
WOT (Web of Trust)

Banking profile (most-used of 10 extensions):
Adblock Plus
Element Hiding Helper for Adblock Plus
deskCut
NoScript
Paste Email Plus
BUN B wrote:...when I change setting in Sandboxed IE in LastPass, it doesn't remember
I was hoping someone who uses IE and LastPass would respond, since I don't have any more ideas.
Paul
XP Pro SP3 (Admin), Zone Alarm Pro Firewall, Malwarebytes Pro, Firefox 28, Thunderbird 24
Guest10
 
Posts: 4744
Joined: Sun Apr 27, 2008 10:24 pm
Location: Ohio, USA

Postby BUN B » Sat Mar 10, 2012 10:16 pm

Hey Guest10,

Thank you for your list of plugins.
Those are great!

I too hope that someone who uses IE and LastPass can shed some light onto this issue of IE8 not remembering LastPass plugin's settings wile running sandboxed.

I got one question:

Programs from first sandbox cannot leak or "talk" to programs in second sandbox?
BUN B
 

Postby Helper » Sat Mar 10, 2012 11:18 pm

BUN B wrote:Programs from first sandbox cannot leak or "talk" to programs in second sandbox?
No, no communications between them, but files inside of one sandbox can be read by a program that's using a different sandbox.
Helper
 
Posts: 132
Joined: Thu Mar 01, 2012 5:28 pm

Postby BUN B » Sat Mar 10, 2012 11:37 pm

oh I see..

so If I run 1 sandbox for LASTPASS login and 1 sandbox for etc (surfing)

malicios code can read the data from the 1st sandbox (lastpass cookie) and then try to impersonate me?

did I get this right?
BUN B
 

Postby Helper » Sun Mar 11, 2012 1:30 pm

A sandboxed program doesn't know it's using a sandbox so if it wants to read from a file or folder on the hard drive it will look at the unsandboxed files/folders.

Using an example of an IE cookie that a sandboxed program wants to read, the program would look at:
C:\Users\username\Appdata\Roaming\Microsoft\Windows\Cookies
but if the cookie it's looking for is in a sandbox underneath "C:\Sandbox\...", it won't find it there.
The chances that malware will know to look underneath the C:\Sandbox\... folder, in a different sandbox, is about zero.
Helper
 
Posts: 132
Joined: Thu Mar 01, 2012 5:28 pm

Next

Return to Problem Reports

Who is online

Users browsing this forum: No registered users and 2 guests