Device compromised

I have one of my devices unlocked in an attacker’s hands. What’s next?
How to quickly block the access to the data?
This does not give me any clue: Passbolt Help | My secret key and passphrase are compromised, what do I do?
I have no idea what is “start a new with a fresh key and use your revocation certificate”.

I did not find such option in the UI…

Hi @albert-a

I am sorry to hear about this terrible issue.

Passbolt does not offer revocation certs yet.

If you know your IP address you can block the address.

You can delete the user.

Looks like the disable user feature is still in the pipeline.

1 Like

I am sorry to hear that.

The first security measure I’d take is to stop nginx in order to prevent any access to the instance.

sudo systemctl stop nginx

Then, I would create a new admin user

sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt register_user -i" www-data

It will generate a setup link. I’ll simply copy this link and restart nginx

sudo systemctl restart nginx

Once the new admin account is set up and you are completely logged in, log out and generate a recovery token for your threatened account (replace your@email.com with the correct one)

sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt recover_user -c -u your@email.com" www-data

It will generate a recovery link. You can copy/paste this link into the browser and proceed with the account recovery; you’d have to import the private GPG key and then enter the passphrase. Then you can follow these instructions

  1. Share all the passwords with the new admin account
  2. Log out
  3. Generate a recover link for the new admin account
    a. sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt recover_user -c -u newadmin@email.com" www-data
  4. Proceed to the account recovery of the new admin account
  5. Navigate to Users panel
  6. Delete the threatened account

IMHO, if someone could have a 0.1% chance to access any of my passwords, I’ll probably rotate them all, but I’d start with the most powerful ones, such as your email account and so on, so you will be able to recover all the accounts that use the email to recreate a password, and then re-create them with the password generator from Passbolt.

I hope it helps

2 Likes
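The server-side commands from the reply above gathered into one script, as an added example that is not part of the original post and not Passbolt's own tooling. The path, the www-data user and the CLI tasks are the ones quoted in that reply; `DRY_RUN`, the function names and the address check are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not Passbolt tooling. Run as root on the Passbolt server.
# Path, www-data user and CLI tasks are the ones quoted in the reply above;
# DRY_RUN and all function names are hypothetical.
CAKE=/usr/share/php/passbolt/bin/cake
DRY_RUN=${DRY_RUN:-1}          # 1 = only print the commands, 0 = execute them

run() {                        # execute argv, or print it in dry-run mode
  if [ "$DRY_RUN" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

cake() {                       # run one passbolt CLI task as www-data
  run su -s /bin/bash -c "$CAKE passbolt $*" www-data
}

# The address ends up inside the string that `su -c` hands to bash, so allow
# only plain address characters: no quotes, spaces, ';', '$' or backticks.
valid_email() {
  case $1 in
    ''|*[!A-Za-z0-9@._+-]*) return 1 ;;
    [A-Za-z0-9]*@?*.?*) return 0 ;;
    *) return 1 ;;
  esac
}

lockdown_and_register() {      # stop nginx, create the new admin, restart nginx
  run systemctl stop nginx || return 1
  cake register_user -i; rc=$? # interactive: prints the setup link to copy
  run systemctl restart nginx || return 1
  return "$rc"
}

recover_link() {               # recovery link for the threatened or new account
  valid_email "$1" || { echo "refusing address: $1" >&2; return 2; }
  cake recover_user -c -u "$1"
}

case ${1:-} in
  lockdown) lockdown_and_register ;;
  recover)  recover_link "${2:-}" ;;
  '')       : ;;               # no argument: define the functions only
  *)        echo "usage: $0 lockdown | recover <email>" >&2 ;;
esac
```

By default the script only prints what it would run; set `DRY_RUN=0` to execute. The browser steps (account setup, sharing the passwords, deleting the threatened account) stay manual.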

Hi @Duffman,
Thanks for the information! Don’t worry, the situation is hypothetical.

I’m new to Passbolt and to PM in general, so the first thing that came to mind after installation was to check what happens if one of the devices is compromised. And I was surprised that I did not find any quick countermeasures. Yes, I can delete the user, it’s ok, my server has daily backups, but I guess that’s only the case when you have access to the separate admin account. But what if not? And also it is not convenient to recover from a server backup later.

I’m glad that there is some work in progress.

Hi @antony, thanks for the instruction!

I agree on this.

As for the instructions, I guess I don’t have to recover my account if I have access to it on another device (not only on the compromised one). I just log in, share the passwords with some new account and remove the threatened account from yet another admin account, right?

Again, I need admin rights here… And a lot of time.

IMHO if a device is compromised, such measures should be

  1. Taken as quickly as possible, probably with one click
  2. Should not require admin rights

I think the best way to tackle this is to have a static “Block account” button somewhere in a very accessible place, so:

  1. You press the button.
  2. You request the admin to recover your account and confirm your identity somehow.
  3. The admin sends you a recovery code.
  4. You log in to the blocked account, enter the recovery code, your old passphrase and your old key, and proceed with generating a new key and entering a new passphrase.
  5. Wait while your plugin locally reencrypts all your passwords and saves them back to the server, and then the server unblocks your account.
  6. You recover your account with usual procedure (with the new key and the new passphrase) on your other devices, if any.

What do you think? Should I write some kind of feature request on this?

Thanks for your replies

Hi @albert-a

Good news that your situation was hypothetical!

I like your ideas. To help the Passbolt developers, the forum does ask that you use the template for Feature Requests

Remy is an amazing Passbolt Developer and follows the forum regularly.

I would also reference the feature request that Remy is currently working on.

Thank you for your interest in Passbolt!
Thank you for contributing to the community forum!

3 Likes

Hi @Duffman,

Thank you for directing me and providing me with the necessary information!
I read the document provided and put my thoughts on it and on this issue in a new request:

I hope Remy will notice the request and probably take some points into account while implementing the request he is currently working on as they are closely related.

Thanks again.

2 Likes