Directories Containing Objects With Weak ACLs [Found/w Attack Surface Analyzer] [SOLVED]


Post by TyeBox » Sun Dec 09, 2018 1:26 am

I am curious as to what the Sandboxie experts think about these, the only weak ACLs located on the entire machine, using Microsoft Attack Surface Analyzer:
Directories Containing Objects With Weak ACLs
The folder C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\CertificateRevocation contains files and/or folders with ACLs that allow tampering by multiple non-administrator accounts.
Description:
The folder C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\CertificateRevocation contains files and/or folders with ACLs that allow tampering by multiple non-administrator accounts.

Details:
Folder: C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\CertificateRevocation
Contents with bad ACLs:
1. C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\CertificateRevocation\4863
2. C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\CertificateRevocation\4868

Account Rights
Authenticated Users (S-1-5-11) DELETE WRITE_OWNER WRITE_DAC FILE_ADD_FILE FILE_ADD_SUBDIRECTORY FILE_DELETE_CHILD FILE_WRITE_ATTRIBUTES FILE_WRITE_EA
Action:
The ACL should be tightened. Do not allow users to write to start points, files or directories that influence control over other users.

The folder C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\CertificateTransparency contains files and/or folders with ACLs that allow tampering by multiple non-administrator accounts.
Description:
The folder C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\CertificateTransparency contains files and/or folders with ACLs that allow tampering by multiple non-administrator accounts.

Details:
Folder: C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\CertificateTransparency
Contents with bad ACLs:
1. C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\CertificateTransparency\959
2. C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\CertificateTransparency\961

Account Rights
Authenticated Users (S-1-5-11) DELETE WRITE_OWNER WRITE_DAC FILE_ADD_FILE FILE_ADD_SUBDIRECTORY FILE_DELETE_CHILD FILE_WRITE_ATTRIBUTES FILE_WRITE_EA
Action:
The ACL should be tightened. Do not allow users to write to start points, files or directories that influence control over other users.

The folder C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\blob_storage contains files and/or folders with ACLs that allow tampering by multiple non-administrator accounts.
Description:
The folder C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\blob_storage contains files and/or folders with ACLs that allow tampering by multiple non-administrator accounts.

Details:
Folder: C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\blob_storage
Contents with bad ACLs:
1. C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\blob_storage\69ef11ca-af43-4d23-ac63-3cf8511a00af
2. C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\blob_storage\6e4e046e-6653-45c9-bde1-daf3bed04fda
3. C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\blob_storage\936a947b-3e4d-4945-a470-2bd11976eb98
4. C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\blob_storage\ef86dc10-fc02-4fb7-8e79-8e1a3c575d8c

Account Rights
Authenticated Users (S-1-5-11) DELETE WRITE_OWNER WRITE_DAC FILE_ADD_FILE FILE_ADD_SUBDIRECTORY FILE_DELETE_CHILD FILE_WRITE_ATTRIBUTES FILE_WRITE_EA
Action:
The ACL should be tightened. Do not allow users to write to start points, files or directories that influence control over other users.

The folder C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\Extensions\aihomhdbhpnpmcnnbckjjcebjoikpihj (ed note, universal bypass, has optional components that can be turned off to reduce privacy concerns for questionable functions which share data with third parties) contains files and/or folders with ACLs that allow tampering by multiple non-administrator accounts.
Description:
The folder C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\Extensions\aihomhdbhpnpmcnnbckjjcebjoikpihj contains files and/or folders with ACLs that allow tampering by multiple non-administrator accounts.

Details:
Folder: C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\Extensions\aihomhdbhpnpmcnnbckjjcebjoikpihj
Contents with bad ACLs:
1. C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\Extensions\aihomhdbhpnpmcnnbckjjcebjoikpihj\7.0_0
2. C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\Extensions\aihomhdbhpnpmcnnbckjjcebjoikpihj\7.1.0_0

Account Rights
Authenticated Users (S-1-5-11) DELETE WRITE_OWNER WRITE_DAC FILE_ADD_FILE FILE_ADD_SUBDIRECTORY FILE_DELETE_CHILD FILE_WRITE_ATTRIBUTES FILE_WRITE_EA
Action:
The ACL should be tightened. Do not allow users to write to start points, files or directories that influence control over other users.

The folder C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default contains files and/or folders with ACLs that allow tampering by multiple non-administrator accounts.
Description:
The folder C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default contains files and/or folders with ACLs that allow tampering by multiple non-administrator accounts.

Details:
Folder: C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default
Contents with bad ACLs:
1. C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\GCM Store
2. C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\Managed Extension Settings\pkehgijcmpdhfbdbbnkijodmdjhbjlgp (privacy badger)
3. C:\Sandbox\Ty\Chrome\user\current\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\6481c9843cdb6ba3af2a58dec86c49e8f92f0c3b\c73e0d9b-882a-4c28-8c4f-4e6a0e9bae51

Account Rights
Authenticated Users (S-1-5-11) DELETE WRITE_OWNER WRITE_DAC FILE_ADD_FILE FILE_ADD_SUBDIRECTORY FILE_DELETE_CHILD FILE_WRITE_ATTRIBUTES FILE_WRITE_EA
Action:
The ACL should be tightened. Do not allow users to write to start points, files or directories that influence control over other users.

These were not detected 3-4 days ago. Only after I cleaned the sandbox and updated to the latest Chrome 71.0.3578.80. The latest Chrome came with a new service called GoogleElevationService; I wonder if this had something to do with it. "C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.80\elevation_service.exe"
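
To check findings like the ones in the report above by hand, this PowerShell script (an added example, not part of the original posts and not Attack Surface Analyzer's own logic) lists allow entries that give a broad group any of the rights named in the report. The `$Root` default and the extra SIDs for Users and Everyone are assumptions; only Authenticated Users (S-1-5-11) appears in the report.

```powershell
# Added example: find ACEs under a folder that grant tamper rights to broad groups.
param(
    [string]$Root = 'C:\Sandbox',   # assumption: set to the folder from the report
    # S-1-5-11 Authenticated Users (from the report); Users and Everyone are added assumptions.
    [string[]]$BroadSids = @('S-1-5-11', 'S-1-5-32-545', 'S-1-1-0')
)

# The report's rights as .NET FileSystemRights names:
# DELETE, WRITE_OWNER, WRITE_DAC, FILE_ADD_FILE, FILE_ADD_SUBDIRECTORY,
# FILE_DELETE_CHILD, FILE_WRITE_ATTRIBUTES, FILE_WRITE_EA
$Tamper = [System.Security.AccessControl.FileSystemRights]('Delete, TakeOwnership, ' +
    'ChangePermissions, CreateFiles, CreateDirectories, ' +
    'DeleteSubdirectoriesAndFiles, WriteAttributes, WriteExtendedAttributes')
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
    catch { continue }   # ACL not readable with the current token: skip the item

    # Request SIDs instead of account names so matching does not depend on locale.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($BroadSids -notcontains $rule.IdentityReference.Value) { continue }
        # Inherit-only ACEs apply to children, not to this object. They often carry
        # generic rights bits, which the specific-bit mask below does not decode.
        if ($rule.PropagationFlags -band $InheritOnly) { continue }

        $hit = [int]$rule.FileSystemRights -band [int]$Tamper
        if ($hit -ne 0) {
            [pscustomobject]@{
                Path      = $item.FullName
                Sid       = $rule.IdentityReference.Value
                Rights    = [System.Security.AccessControl.FileSystemRights]$hit
                Inherited = $rule.IsInherited
            }
        }
    }
}

$findings | Sort-Object Path | Format-Table -AutoSize -Wrap
```

The `Inherited` column shows whether an entry was set on the item itself or comes from a parent folder, which is where any tightening would have to be applied.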

Barb@Invincea
Sandboxie Support

Re: Directories Containing Objects With Weak ACLs [Found/w Attack Surface Analyzer]

Post by Barb@Invincea » Mon Dec 10, 2018 10:07 am

Hi TyeBox,

It looks like you are reporting a Google Chrome related problem. You may want to reach out to their support team for further information about that.
Sandboxie will prevent exploitation of that weakness by preventing interaction with files outside the Sbie directory (the sandboxed app will not modify your host/system files).

Here's more info regarding how Sandboxie protects your computer:
https://www.sandboxie.com/FrequentlyAsk ... HowItWorks

Regards,
Barb.-
