[keycloak-user] [keycloak-dev] Trojan in Keycloak Javascript Adapter?

Stian Thorgersen sthorger at redhat.com
Tue Jan 9 13:55:34 EST 2018


We're not going to do anything unless someone else can confirm this. This
is probably also something that you can report to Microsoft as they are
reporting a false positive here, assuming you're not actually affected by a
virus yourself.

I've also tried Defender now, that makes 3 people that have tried to confirm
this with no luck.

On 9 January 2018 at 17:16, Ariel Carrera <carreraariel at gmail.com> wrote:

> I created a Jira to track this problem:
>
> https://issues.jboss.org/browse/KEYCLOAK-6157
>
> I tried with older 3.4.x versions and it only happens with 3.4.2 and 3.4.3
>
> I compared the minified files between version 3.4.1 and 3.4.2 and they
> have little differences between them but I can't see a threat in the code
> so I suspect that it is a false alarm but it still is a problem for users.
>
> I think that doing a rewrite of the function "processInit()" can help to
> get rid of the alerts when the file gets minified.
>
>
> 2018-01-09 12:47 GMT-03:00 Ariel Carrera <carreraariel at gmail.com>:
>
>> I don't know why we have different Windows Defender results... but it's
>> Microsoft...
>>
>> Bruno, is your Windows (inside the VM) updated? What version is it? Did you
>> update the virus definitions too?
>>
>> I updated the definitions but the problem persists... Here is another screenshot:
>> [image: Inline image 1]
>>
>>
>> [image: Inline image 2]
>>
>>
>> You can check my Windows version in the second screenshot. It is version
>> 10.0.16299.192 (and it was tested on another machine with version
>> 10.0.16299.125).
>>
>> Recently, it was tested again with a third machine (at home) in another
>> network / location / and installation. Same problem, virus detected.
>>
>> Maybe Microsoft has different versions by location... I don't know...
>> after updating to the latest version, Windows Defender asked me to send the file to
>> improve detection (I had not asked for this before).
>>
>>
>>
>> 2018-01-09 11:50 GMT-03:00 Bruno Oliveira <bruno at abstractj.org>:
>>
>>> So I don't have Windows 10, but I managed to run a VM from
>>> https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/.
>>>
>>> After that I cloned the whole Keycloak repository
>>> https://github.com/keycloak/keycloak-js-bower. Nothing was found, please see the
>>> screenshot: https://i.imgur.com/1NbFGrn.png.
>>>
>>> On Tue, Jan 9, 2018 at 10:46 AM Stian Thorgersen <sthorger at redhat.com>
>>> wrote:
>>>
>>>> Please create an issue with the details. We'll need to figure out how to
>>>> reproduce the issue though. Seemed like Ramunas had tried, but that
>>>> Defender wasn't reporting anything for him.
>>>>
>>>> On 8 January 2018 at 21:18, Ariel Carrera <carreraariel at gmail.com>
>>>> wrote:
>>>>
>>>> > "when your somebody get's a keycloak's distribution to be installed"
>>>> > read like: "when someone gets Keycloak to be installed" xD
>>>> >
>>>> > 2018-01-08 16:56 GMT-03:00 Ariel Carrera <carreraariel at gmail.com>:
>>>> >
>>>> >> Hi Stian, I checked differences in keycloak.min.js comparing version
>>>> >> 3.4.1 to 3.4.2.
>>>> >> I can't see a problem at first sight... but it's still a problem to see
>>>> >> your antivirus alerting for a threat when your browser accesses a page
>>>> >> that uses "keycloak.min.js" or when your somebody get's a keycloak's
>>>> >> distribution to be installed.
>>>> >>
>>>> >> Maybe this issue needs to be in Jira.
>>>> >>
>>>> >> The last changes in the JavaScript file can be the problem.
>>>> >>
>>>> >> Maybe function "processInit()" needs some changes.
>>>> >>
>>>> >> Regards,
>>>> >>
>>>> >> 2018-01-08 16:26 GMT-03:00 Ariel Carrera <carreraariel at gmail.com>:
>>>> >>
>>>> >>> Checked with another computer (Windows 10 + Windows Defender).
>>>> >>>
>>>> >>> keycloak-min.js is detected as a virus from version 3.4.2 to 3.4.3
>>>> >>>
>>>> >>>
>>>> >>> 2018-01-03 17:44 GMT-03:00 Ramunas <ramunask at gmail.com>:
>>>> >>>
>>>> >>>> * just downloaded keycloak-js-adapter-dist-3.4.2.Final.zip file
>>>> >>>> * extracted and scanned "keycloak-js-adapter-dist-3.4.2.Final" folder
>>>> >>>> with Windows Defender on Windows 10 - no issues found
>>>> >>>> * checked for Windows updates. New update "Definition Update for
>>>> >>>> Windows Defender Antivirus - KB2267602 (Definition 1.259.1141.0)" was found
>>>> >>>> and installed.
>>>> >>>> * scanned again. No issues found.
>>>> >>>>
>>>> >>>> Ramūnas
>>>> >>>>
>>>> >>>
>>>> >>>
>>>> >>>
>>>> >>> --
>>>> >>> Ariel Carrera
>>>> >>>
>>>> >>
>>>> >>
>>>> >>
>>>> >> --
>>>> >> Ariel Carrera
>>>> >>
>>>> >
>>>> >
>>>> >
>>>> > --
>>>> > Ariel Carrera
>>>> >
>>>
>>>
>>
>>
>> --
>> Ariel Carrera
>>
>
>
>
> --
> Ariel Carrera
>