[keycloak-user] [keycloak-dev] Trojan in Keycloak Javascript Adapter?

Ariel Carrera carreraariel at gmail.com
Tue Jan 9 11:16:28 EST 2018


I created a Jira to track this problem:

https://issues.jboss.org/browse/KEYCLOAK-6157

I tried with older 3.4.x versions and it only happens with 3.4.2 and 3.4.3.

I compared the minified files between version 3.4.1 and 3.4.2 and they have
little differences between them, but I can't see a threat in the code, so I
suspect that it is a false alarm, but it is still a problem for users.

I think that rewriting the function "processInit()" can help to
get rid of the alerts when the file gets minified.


2018-01-09 12:47 GMT-03:00 Ariel Carrera <carreraariel at gmail.com>:

> I don't know why we have different Windows Defender results... but it's
> Microsoft...
>
> Bruno, is your Windows (inside the VM) updated? What version is it? Did you
> update the virus definitions too?
>
> I updated the definitions but the problem persists... Here is another screenshot:
> [image: Inline image 1]
>
>
> [image: Inline image 2]
>
>
> You can check my Windows version in the second screenshot. It is version
> 10.0.16299.192 (and it was tested on another machine with version
> 10.0.16299.125).
>
> Recently, it was tested again with a third machine (at home) in another
> network / location / and installation. Same problem, virus detected.
>
> Maybe Microsoft has different versions by location... I don't know...
> after updating to the latest version, Windows Defender asked me to send the file to
> improve detection (I had not been asked for this before).
>
>
>
> 2018-01-09 11:50 GMT-03:00 Bruno Oliveira <bruno at abstractj.org>:
>
>> So I don't have Windows 10, but I managed to run a VM from
>> https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/.
>>
>> After that I cloned the whole Keycloak repository
>> https://github.com/keycloak/keycloak-js-bower. Nothing was found, please see the
>> screenshot: https://i.imgur.com/1NbFGrn.png.
>>
>> On Tue, Jan 9, 2018 at 10:46 AM Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> Please create an issue with the details. We'll need to figure out how to
>>> reproduce the issue though. Seemed like Ramunas had tried, but that
>>> Defender wasn't reporting anything for him.
>>>
>>> On 8 January 2018 at 21:18, Ariel Carrera <carreraariel at gmail.com>
>>> wrote:
>>>
>>> > "when your somebody get's a keycloak's distribution to be installed" read
>>> > like: "when someone gets Keycloak to be installed" xD
>>> >
>>> > 2018-01-08 16:56 GMT-03:00 Ariel Carrera <carreraariel at gmail.com>:
>>> >
>>> >> Hi Stian, I checked differences in keycloak.min.js comparing version
>>> >> 3.4.1 to 3.4.2.
>>> >> I can't see a problem at first sight... but it's still a problem to see
>>> >> your antivirus alerting for a threat when your browser accesses a page
>>> >> that uses "keycloak.min.js" or when your somebody get's a keycloak's
>>> >> distribution to be installed.
>>> >>
>>> >> Maybe this issue must be in Jira.
>>> >>
>>> >> The last changes in the JavaScript file can be the problem.
>>> >>
>>> >> Maybe function "processInit()" needs some changes.
>>> >>
>>> >> Regards,
>>> >>
>>> >> 2018-01-08 16:26 GMT-03:00 Ariel Carrera <carreraariel at gmail.com>:
>>> >>
>>> >>> Checked with another computer (Windows 10 + Windows Defender).
>>> >>>
>>> >>> keycloak-min.js is detected as a virus from version 3.4.2 to 3.4.3
>>> >>>
>>> >>>
>>> >>> 2018-01-03 17:44 GMT-03:00 Ramunas <ramunask at gmail.com>:
>>> >>>
>>> >>>> * just downloaded keycloak-js-adapter-dist-3.4.2.Final.zip file
>>> >>>> * extracted and scanned "keycloak-js-adapter-dist-3.4.2.Final" folder
>>> >>>> with Windows Defender on Windows 10 - no issues found
>>> >>>> * checked for Windows updates. New update "Definition Update for
>>> >>>> Windows Defender Antivirus - KB2267602 (Definition 1.259.1141.0)" was found
>>> >>>> and installed.
>>> >>>> * scanned again. No issues found.
>>> >>>>
>>> >>>> Ramūnas
>>> >>>>
>>> >>>
>>> >>>
>>> >>>
>>> >>> --
>>> >>> Ariel Carrera
>>> >>>
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Ariel Carrera
>>> >>
>>> >
>>> >
>>> >
>>> > --
>>> > Ariel Carrera
>>> >
>>
>>
>
>
> --
> Ariel Carrera
>



-- 
Ariel Carrera