Login problems with Algolia community software and Google ReCaptcha [MOVED]


When logging in to these forums today, I found that the “new” community/forum system run by Algolia and its further integration with Kaspersky Company accounts has a number of problems with “ad blocking” browser plugins, some of these related to the use of Google ReCaptcha on the login page.  Basically, any attempt to whitelist the cacophony of javascript domains loaded by the login page causes the login page to error out, requiring the user to go back to the community front page and click the login link again.

It should also be noted that the use of Google scripts on login pages may pose a security risk when used on any Russian login page, as it seems that Google will be able to change their javascript code to actively hunt down and extract the usernames and passwords used on the login page, and they might potentially share such sensitive login information with their government, which is obviously not the Russian Government, which should be a concern for Kaspersky, given prior conflicts between Kaspersky Labs and said government.



@jb_wisemo hello!

Regarding the first section in your reply: Is there a real scenario related to this community portal?

Regarding the second section: we will provide this information to responsible persons.

Thank you.


@jb_wisemo

hi!

Could you please tell step by step what you do on the community to reproduce the problem?


We have not found any security risks related to the situation you are talking about.

Anyway, the login page on our community is handled by Kaspersky (via SSO) and is not hosted on the Community portal.


5 months later...

The reproduction method is to use the Swedish browser “Pale Moon” with the latest compatible versions of the “uMatrix” and “RequestPolicy” browser extensions to control insecure cross-domain sharing of login information.

It might be possible to create a similar permission-prompting configuration with latest Firefox and compatible plugins.

Using these, it becomes very visible that the login process gets redirected and cross-domain loaded back and forth between domains under kaspersky.com and domains under other companies (including algolia.net, insided.com, numbered accounts under cloudfront.net and various javascript CDNs).  During the login process, recaptcha.net also appears in the list of domains accessed.


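The post above reproduces the problem interactively with uMatrix/RequestPolicy. The same observation can be made offline from a HAR export of the browser's network panel: classify each contacted host as first-party (same registrable domain as the login page) or third-party, note which third parties delivered script, and list the redirects that hop across domains. The script below is an added example for this thread, not code from the original posts or from Kaspersky, Algolia or inSided. The capture it processes is constructed: the host names echo the ones listed in the thread, but the paths, the numbered cloudfront label, the insided.com subdomain and the status codes are invented, and the registrable-domain logic is a deliberate simplification of the Public Suffix List.

```python
"""Offline classification of the hosts a browser contacts during a login flow.

Added example for this thread, not code from the original posts or from
Kaspersky/Algolia/inSided. Given a HAR-style capture (what a browser's
network panel exports), it lists which hosts are first-party (same
registrable domain as the login page), which are third-party and whether
they served script, and which redirects cross domain boundaries.
"""
from urllib.parse import urlsplit

# Simplification: registrable domain = last two labels, plus a tiny list of
# two-level public suffixes. A real tool should use the Public Suffix List.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host: str) -> str:
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def _entry(url: str, status: int, mime: str = "", redirect: str = "") -> dict:
    """Minimal HAR 1.2 entry carrying only the fields the classifier reads."""
    return {
        "request": {"url": url},
        "response": {
            "status": status,
            "content": {"mimeType": mime},
            "redirectURL": redirect,   # HAR's copy of the Location header
        },
    }


# Constructed capture: hypothetical paths and hosts, loosely modelled on the
# SSO round trip the poster describes. Not a real recording.
CONSTRUCTED_HAR = {"log": {"entries": [
    _entry("https://community.kaspersky.com/login", 302,
           redirect="https://my.kaspersky.com/sso/start"),
    _entry("https://my.kaspersky.com/sso/start", 200, "text/html"),
    _entry("https://www.recaptcha.net/recaptcha/api.js", 200,
           "text/javascript"),
    _entry("https://d1234abcd.cloudfront.net/login-widget.js", 200,
           "application/javascript"),
    _entry("https://xyz-dsn.algolia.net/1/indexes/posts/query", 200,
           "application/json"),
    _entry("https://my.kaspersky.com/sso/callback", 302,
           redirect="https://kaspersky.insided.com/ssoproxy/login"),
    _entry("https://kaspersky.insided.com/ssoproxy/login", 302,
           redirect="https://community.kaspersky.com/"),
    _entry("https://community.kaspersky.com/", 200, "text/html"),
]}}


def classify_entries(har: dict, first_party_host: str) -> dict:
    """Bucket every request by party and collect cross-domain redirect hops."""
    fp = registrable_domain(first_party_host)
    report = {"first_party": set(), "third_party": {},
              "cross_domain_redirects": []}
    for e in har["log"]["entries"]:
        resp = e["response"]
        host = urlsplit(e["request"]["url"]).hostname or ""
        rd = registrable_domain(host)
        mime = resp.get("content", {}).get("mimeType", "")
        if rd == fp:
            report["first_party"].add(host)
        else:
            kinds = report["third_party"].setdefault(host, set())
            kinds.add("script" if "javascript" in mime else "other")
        target = resp.get("redirectURL") or ""
        if 300 <= resp.get("status", 0) < 400 and target:
            to_host = urlsplit(target).hostname or ""
            if registrable_domain(to_host) != rd:
                report["cross_domain_redirects"].append((host, to_host))
    return report


def third_party_script_hosts(report: dict) -> list:
    """Hosts that delivered JavaScript into the login page. These matter most:
    a script executes with the embedding page's origin, so it can read the
    credential form no matter which domain served the file."""
    return sorted(h for h, k in report["third_party"].items() if "script" in k)


if __name__ == "__main__":
    rep = classify_entries(CONSTRUCTED_HAR, "community.kaspersky.com")
    print("first-party hosts:", sorted(rep["first_party"]))
    print("third-party hosts:", sorted(rep["third_party"]))
    print("third-party script hosts:", third_party_script_hosts(rep))
    for src, dst in rep["cross_domain_redirects"]:
        print(f"cross-domain redirect: {src} -> {dst}")
```

To use it on a real flow, export the network panel as HAR after a complete login and load it with `json.load` in place of `CONSTRUCTED_HAR`. The script hosts are the ones worth scrutinising: whitelisting decisions in uMatrix/RequestPolicy and any Content-Security-Policy review should start from that list, since a redirect-only hop (a 302 with no body) cannot read the form, while an injected script can.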
