Vulnerabilty Alert We

Where does 1password get this information? I have never seen such an alert and the website ownwers have no idea why I would get such an alert.

So it gives me a Vulnerabilty Alert
We believe that passwords on this site or transmitted to this site have been compromized.
Please update your password.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:So it gives me a Vulnerabilty Alert We believe that passwords on this site or transmitted to this site have been compromized. Please update your password.

Comments

  • Latest ios ipad version of 1pw.

  • BenBen AWS Team

    AgileBits Team Member

    Hi @lwmcmahon

    Our information for Watchtower comes from a few different sources:

    • News articles that report on data breaches (when confirmed by the source)
    • A scan of the website to see if it is/was vulnerable to the Heartbleed SSL bug

    You can run the website in question through the Watchtower website to see more information about why the site is flagged, here:

    1Password Watchtower

    In many cases, especially if the website owner is unaware, it may be that the site was vulnerable to Heartbleed at one point, and you have not changed your password since.

    You can read more about Heartbleed here:

    Heartbleed - Wikipedia

    Thanks.

    Ben

  • Hi,

    The site is premium.wpmudev.org.
    It is clean on your scan.

    So why is 1password flagging this site? If this alert is just telling me to update my password, then it surely could be more clear.

    Larry

  • BenBen AWS Team

    AgileBits Team Member

    Larry,

    When was the last time you changed your password for this site?

    When I run it in Watchtower the warning I get is:

    If your password has not been changed since May 30, 2014 then you should change it now.

    If you haven't edited your password for this record in 1Password since that date then you would see the Watchtower warning.

    Ben

  • How does this have anything to do with the website being compromized?

    Please explain or agree with me that he message is very misleading and you wiil fix it.

    Larry

  • BenBen AWS Team

    AgileBits Team Member

    Larry,

    I don't agree at all. The problem is that we cannot confirm that the website's old SSL certificates (which may have been vulnerable to Heartbleed) have been revoked, but they applied new SSL certificates at the end of May 2014. As such if your password is older than that it may have been compromised in the Heartbleed exploit. We flag this site so that you can change your password now that they have SSL certificates that are not vulnerable to Heartbleed.

    Ben

Sign In or Register to comment.