Regarding PassBolt Extention

Hi,

sorry if this post is in the wrong place I didn’t know where exactly to open it.

I have 2 questions regarding the browser extension:
1- Does the extension initiate any connection to any other location other than the primary server? (From the desktop where it is installed since it has internet access)

2- Does it have a signature so we can limit internet access using application control from firewall?

The only other location would be the haveibeenpwned.com API. It’s not required for it to work, e.g. it will work if the URL is not reachable.

Not sure what you mean by this, can you elaborate?

Hi,
Sorry for the late reply, I had a family emergency.

“The only other location would be the haveibeenpwned.com API. It’s not required for it to work, e.g. it will work if the URL is not reachable.”

May I ask why the extension would connect to haveibeenpwned.com?
also, how can it be possible to prevent it from communicating with any other location other than the primary server?

2- Does it have a signature so we can limit internet access using application control from the firewall?
Not sure what you mean by this, can you elaborate?

as you can see from the screenshot below, every application has a signature that the firewall uses to identify that application and based on the policies either permit or deny that connection.

and you can add signatures manually but you must have the application signature to add it.

Hi @Boldbud!

We call for haveIBeenPwned to check when creating or updating a password that it hasn’t been leaked in some existing dictionaries.
You can prevent these calls in the administration settings in both password policies and user’s passphrase policies by unchecking the external dictionary check.

Regarding the application signature, I don’t know how this works so I can’t tell.