Jump to content

blocked an attempt to openly transfer the password from a web page on a public Wi-Fi network, all for algolia.net, [blocking] changes url, specific to https://community.kaspersky.com/


Go to solution Solved by Flood and Flood's wife,

Recommended Posts

Flood and Flood's wife
Posted
The application has blocked an attempt to openly transfer the password from a web page on a public Wi-Fi network URL: ic23zxnzkt-dsn.algolia.net Time: 4/20/2019 12:25 PM The application has blocked an attempt to openly transfer the password from a web page on a public Wi-Fi network URL: ic23zxnzkt-3.algolianet.com Time: 4/20/2019 12:25 PM The application has blocked an attempt to openly transfer the password from a web page on a public Wi-Fi network URL: ic23zxnzkt-dsn.algolia.net Time: 4/20/2019 12:25 PM The application has blocked an attempt to openly transfer the password from a web page on a public Wi-Fi network URL: ic23zxnzkt-1.algolianet.com Time: 4/20/2019 12:25 PM The application has blocked an attempt to openly transfer the password from a web page on a public Wi-Fi network URL: ic23zxnzkt-2.algolianet.com Time: 4/20/2019 12:25 PM ------------------------------------------------------- Happens irrespective of whether Forum is signed into or not. ------------------------------------------------------- Selecting [block] just generates another popup, same domain, different prefix. ------------------------------------------------------- Happens irrespective of which browser is used, 4 different browsers tested. Google Chrome: 73.0.3683.103 (Official Build) (64-bit) Firefox Quantum: 66.0.3 (64-bit) Microsoft Edge: 44.17763.1.0, Microsoft EdgeHTML 18.17763 Vivaldi: 2.4.1488.35 (Stable channel) (64-bit) ------------------------------------------------------- Unknown domain.... ------------------------------------------------------- Only way to kill popup is via taskmanager or reboot. ------------------------------------------------------- KTS 19.0.0.1088(e), Win 10 x 64, 1809, Version 10.0.17763.437
Posted
Adware infection? :slight_smile:
Flood and Flood's wife
Posted
Hello harlan4096, The alerts/popups only appear on Kaspersky Community Forum pages.... Surely you don't mean Kaspersky ADWARE infection???
Posted
Of course not... Wi-Fi without password? or with non-secure protocol?
Flood and Flood's wife
Posted
Hello Harlan4096, Wi-Fi without password? Nope! Non-secure protocol? Interesting, considering KTS is providing "defence". It's due to something very specific to K Community site... { ... // script that includes algolia analytics functions } ?
Flood and Flood's wife
Posted
  • 6 months later...
Posted

Hi there,

 

I work at Algolia, and stumbled upon this thread after receiving a message about this in our own forums:

https://discourse.algolia.com/t/persistent-trying-to-transfer-password-alerts-for-unknown-x-algolia-domain/8996

 

We provide Search, including on these forums.

I assume the “password” the AV detects is a read-only API key to a search index (32 chars, [a-z0-9]).

This key is not linked to the current user of the page, but the credentials of the website searching in our index.

Having it exposed is a non-issue, and furthermore the query is properly going through HTTPS.

 

If I understood correctly, this pop-up would trigger on all websites using Algolia to power their search.

 

I have 2 questions:

  1. Is there any way to have the detection code updated not to detect this pattern, which is completely legit?
  2. Is there any way to disable this detection in-app?

 

Best,

Flood and Flood's wife
Posted

Hello @Jerska.

Thank you so much!

This issue is concerning, bc, the domain is unknown (to me), a problem, bc, the “transfer password” alerts prevent continued browser use until the alert is killed via Taskmanager, killing 30+ algolianet alerts brings my work to a halt and the Community admin has advised: Community Portal only, any supported browser, any search: generates a "transfer pwd" popup, domain: ic23zxnzkt-dsn.algolia.net

It does not seem as a community issue. Try to clear cache of all browsers, remove unused addons and clear TEMP folders.

The issue has been with Kaspersky Technical Support since April 2019, 7 months. I reached out to Algolia via (your) forum, in sheer desperation. 

It’s clearly an issue, one I cannot fix, with your contribution, maybe Kaspersky will🤔

Best Regards

Posted

> This issue is concerning, bc, the domain is unknown (to me)

 

This is definitely understandable. I guess you now understand what we do, but just to be clear, we’re a service provider, and you could imagine the same type of external requests for any service provider (e.g. imgur for image hosting).

 

> It’s clearly an issue, one I cannot fix, with your contribution, maybe Kaspersky will🤔

 

As advised in our own community forums, I would encourage you to try to get in direct contact with Kaspersky’s support team.

It seems like this would be a good route:

https://support.kaspersky.com/us/b2c/US#product

 

This is basically two reports at once:

  1. The false positive detection of those calls
  2. The UI having issues when many requests are detected, requiring you to go through the Task Manager to kill it
Flood and Flood's wife
Posted

Hello  @Jerska,

Thank you.

As I advised above: The issue has been logged with Kaspersky Lab Technical Support for 7 months, and logged here in the Community Forum.

 It’s a not a succession of multiple requests, a (one) search is made, the alert pops up, no further action on the browser can happen until the a ”transfer pwd” alert process is killed. 

Killing the process allows for the “search” to be attempted again,  ”transfer pwd” alert pops again, kill process again, ad infinitum.... 

BR

Posted

Hello,

The information regarding the scenario is mentioned first time by@Jerska. We were unable to receive an exact senario of the issue reproduction before that. Thank you! And thank you for this overall analysis. It is very useful!

As I see this one request to Technical support (regarding the issue) is escalated to HQ. We will check it soon.

Flood and Flood's wife
Posted

Additional information from Algolia representative, Monday, 18 November 2019 21:42

Quote:

This is not linked to Algolia per-se, but rather the antivirus, Kaspersky.

When searching in a page using Algolia, it will trigger a request to our servers to get your search results. This is expected, and there is a key in there which I believe the anti-virus incorrectly detects as being a password. I would advise you to contact Kaspersky’s support, as this is a false positive in their systems.” 

Unquote

Posted

The issue related to the bug 3783588. It must be fixed in the next version of the product.
Thanks!

  • 1 year later...
  • Solution
Flood and Flood's wife
Posted

Hello @Anton Mefodys

Eventually fixed with version 21.2.16.590. 

Thank you🙏

Flood🐳 +🐋

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...