[keycloak-user] [keycloak-dev] Trojan in Keycloak Javascript Adapter?

Stian Thorgersen sthorger at redhat.com
Tue Jan 9 13:58:06 EST 2018


Please report the files here
https://www.microsoft.com/en-us/wdsi/filesubmission.

On 9 January 2018 at 19:55, Stian Thorgersen <sthorger at redhat.com> wrote:

> We're not going to do anything unless someone else can confirm this. This
> is probably also something that you can report to Microsoft as they are
> reporting a false positive here, assuming you're not actually affected by a
> virus yourself.
>
> I've also tried Defender now, that makes 3 people that have tried to
> confirm this with no luck.
>
> On 9 January 2018 at 17:16, Ariel Carrera <carreraariel at gmail.com> wrote:
>
>> I created a Jira to track this problem:
>>
>> https://issues.jboss.org/browse/KEYCLOAK-6157
>>
>> I tried with older 3.4.x versions and it only happens with 3.4.2 and 3.4.3.
>>
>> I compared the minified files between version 3.4.1 and 3.4.2 and they
>> have little differences between them but I can't see a threat in the code
>> so I suspect that it is a false alarm but it still is a problem for users.
>>
>> I think that doing a rewrite of the function "processInit()" can help to
>> get rid of the alerts when the file gets minified.
>>
>>
>> 2018-01-09 12:47 GMT-03:00 Ariel Carrera <carreraariel at gmail.com>:
>>
>>> I don't know why we have different Windows Defender results... but it's
>>> Microsoft...
>>>
>>> Bruno, is your Windows (inside the VM) updated? What version is it? Did you
>>> update the virus definitions too?
>>>
>>> I updated the definitions but the problem persists... Here is another screenshot:
>>> [image: Inline image 1]
>>>
>>>
>>> [image: Inline image 2]
>>>
>>>
>>> You can check my Windows version in the second screenshot. It is version
>>> 10.0.16299.192 (and it was tested on another machine with version
>>> 10.0.16299.125).
>>>
>>> Recently, it was tested again with a third machine (at home) in another
>>> network / location / and installation. Same problem, virus detected.
>>>
>>> Maybe Microsoft has different versions by location... I don't know...
>>> after updating to the latest version, Windows Defender asked me to send the file to
>>> improve detection (I had not been asked for this before).
>>>
>>>
>>>
>>> 2018-01-09 11:50 GMT-03:00 Bruno Oliveira <bruno at abstractj.org>:
>>>
>>>> So I don't have Windows 10, but I managed to run a VM from
>>>> https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/.
>>>>
>>>> After that I cloned the whole Keycloak repository
>>>> https://github.com/keycloak/keycloak-js-bower. Nothing was found, please see the
>>>> screenshot: https://i.imgur.com/1NbFGrn.png.
>>>>
>>>> On Tue, Jan 9, 2018 at 10:46 AM Stian Thorgersen <sthorger at redhat.com>
>>>> wrote:
>>>>
>>>>> Please create an issue with the details. We'll need to figure out how to
>>>>> reproduce the issue though. Seemed like Ramunas had tried, but that
>>>>> Defender wasn't reporting anything for him.
>>>>>
>>>>> On 8 January 2018 at 21:18, Ariel Carrera <carreraariel at gmail.com>
>>>>> wrote:
>>>>>
>>>>> > "when your somebody get's a keycloak's distribution to be installed"
>>>>> > read like: "when someone gets Keycloak to be installed" xD
>>>>> >
>>>>> > 2018-01-08 16:56 GMT-03:00 Ariel Carrera <carreraariel at gmail.com>:
>>>>> >
>>>>> >> Hi Stian, I checked differences in keycloak.min.js comparing version
>>>>> >> 3.4.1 to 3.4.2.
>>>>> >> I can't see a problem at first sight... but it's still a problem to see
>>>>> >> your antivirus alerting for a threat when your browser accesses a page
>>>>> >> that uses "keycloak.min.js" or when your somebody get's a keycloak's
>>>>> >> distribution to be installed.
>>>>> >>
>>>>> >> Maybe this issue must be in Jira.
>>>>> >>
>>>>> >> The last changes in the JavaScript file can be the problem.
>>>>> >>
>>>>> >> Maybe the function "processInit()" needs some changes.
>>>>> >>
>>>>> >> Regards,
>>>>> >>
>>>>> >> 2018-01-08 16:26 GMT-03:00 Ariel Carrera <carreraariel at gmail.com>:
>>>>> >>
>>>>> >>> Checked with another computer (Windows 10 + Windows Defender).
>>>>> >>>
>>>>> >>> keycloak-min.js is detected as a virus from version 3.4.2 to 3.4.3
>>>>> >>>
>>>>> >>>
>>>>> >>> 2018-01-03 17:44 GMT-03:00 Ramunas <ramunask at gmail.com>:
>>>>> >>>
>>>>> >>>> * just downloaded keycloak-js-adapter-dist-3.4.2.Final.zip file
>>>>> >>>> * extracted and scanned "keycloak-js-adapter-dist-3.4.2.Final" folder
>>>>> >>>> with Windows Defender on Windows 10 - no issues found
>>>>> >>>> * checked for Windows updates. New update "Definition Update for
>>>>> >>>> Windows Defender Antivirus - KB2267602 (Definition 1.259.1141.0)" was found
>>>>> >>>> and installed.
>>>>> >>>> * scanned again. No issues found.
>>>>> >>>>
>>>>> >>>> Ramūnas
>>>>> >>>>
>>>>> >>>
>>>>> >>>
>>>>> >>>
>>>>> >>> --
>>>>> >>> Ariel Carrera
>>>>> >>>
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> --
>>>>> >> Ariel Carrera
>>>>> >>
>>>>> >
>>>>> >
>>>>> >
>>>>> > --
>>>>> > Ariel Carrera
>>>>> >
>>>>
>>>>
>>>
>>>
>>> --
>>> Ariel Carrera
>>>
>>
>>
>>
>> --
>> Ariel Carrera
>>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 112492 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20180109/78905c6a/attachment-0002.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 39616 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20180109/78905c6a/attachment-0003.png 