Kaspersky
Products
Support go
Community
Personal Account go
Check a file or link
Kaspersky Club go
Kaspersky Education go
Beta Testing
back back
support
Home Support
Business Support
Virus Fighting
back back
kaspersky club
Россия и СНГ
Global
back back
kaspersky education
Бесплатный образовательный портал
Free educational videocourses
back back
Personal Account
My Kaspersky
KSOS Management Console
CompanyAccount
Question

Login problems with Algolia community software and Google ReCaptcha [MOVED]

  • 10 July 2020
  • 4 replies
  • 132 views
J
Badge

When logging in to these forums today, I found that the “new” community/forum system run by Algolia and it’s further integration with Kaspersky Company accounts has a number of problems with “ad blocking” browser plugins, some of these related to the use of Google ReCaptcha on the login page.  Basically, any attempt to whitelist the cacaphony of javascript domains loaded by the login page causes the login page to error out, requiring the user to go back to the community front page and click the login link again.

It should also be noted that the use of Google scripts on login pages may pose a security risk when used on any Russian login page, as it seems that Google will be able to change their javascript code to actively hunt down and extract the usernames and passwords used on the login page, and they might potentially share such sensitive login information with their government, which is obviously not the Russian Government, which should be a concern for Kaspersky, given prior conflicts between Kaspersky Labs and said government.

 

4 replies

Anton Mefodys
Rank
Userlevel 7
Badge +4

@jb_wisemo hello!

Regarding the first section in your reply: Is there a real stenario related to this community portal?

Regarding the second section: we will provide this information to respoisible persons.

Thank you.

"Did it answer your question? Mark it as solved!"
S
Rank
Userlevel 6

@jb_wisemo

hi!

could you please tell step by step what you do on the community to reproduce the problem?

 

We have not found any security risks related to the situation you are talking about.

Anyway, login page on our community is handled by Kaspersky (via SSO) and hosted not on Community portal.

J
Badge

The reproduction method is to use the Swedish browser “Pale Moon” with the latest compatible versions of the “uMatrix” and “RequestPolicy” browser extensions to control insecure cross-domain sharing of login information.

It might be possible to create a similar permission-prompting configuration with latest Firefox and compatible plugins.

Using these, it becomes very visible that the login process gets redirected and cross-domain loaded back and forth between domains under kaspersky.com and domains under other companies (including algolia.net, insided.com, numbered accounts under cloudfront.net and various javascript CDNs).  During the login process, recaptcha.net also appears in the list of domains accessed.

 

Flood and Flood's wife
Rank
Userlevel 7
Badge +9

The reproduction method is to use the Swedish browser “Pale Moon” 

 

Hello @jb_wisemo

Welcome back!

Specific only to the use of Pale Moon → Pale Moon it is not a Supported browser, reference: Browser support.

Thank you:pray_tone3:

Flood:whale:+:whale2:

Edgar's Mission: "If we could live happy and healthy lives without harming others... why wouldn't we?" --- "One should examine oneself for a very long time before thinking of condemning others" Moliere --- Did a reply answer your question? Please mark it as Best answer, the Topic status will change to Solved, thank you!

Reply / Ответить


 Utilities