After 1PW 5.3 upgrade on Mac new vulnerable items appear in Watchtower that aren't vulnerable

[Deleted User]

Just updated to 1Password 5.3 on my Mac (OS X 10.10.2) and noticed that there are now 5 new items appearing in the Watchtower security audit. When I click the vulnerability alert on each item it takes me to the relevant agilebits web page that indicate that there are no issues with any of the 5 identified web sites. So why is 1Password showing them as vulnerable and how do I mark them as not vulnerable?

When I noticed the above issue I checked my Watchtower settings in 1Password preferences. I noticed that the "Last Updated" section showed "8 weeks ago". I disabled and re-enabled Watchtower and clicked the 'Update Now' button several times - nothing happened. Finally I removed all the entries for "1Password Mini" in LittleSnitch, restarted 1Password and tried the 'Update Now' button again. LittleSnitch prompted me to allow 1Password Mini to connect to aws.cachefly.net which I allowed and this time Watchtower updated and seems to update whenever I click the 'Update Now' button. However the same 5 items are still listed in the Watchtower audit section. Examples of the items appearing in Watchtower are:

www.dell.com
www2.hp.com/UKStore
www.basecamphq.com

Hope somebody can help!

[Deleted User]

Additional info - I have found that Watchtower has stopped syncing again. It now shows last updated 5 hours ago and clicking 'Update Now' doesn't seem to do anything. I still have the 5 items showing-up even though they are not actually vulnerable.

[Deleted User]

@agilebits Can anybody from agilebits support help me with this?

gyropilot

You're not the only one Stukey. I have the same problem with Watchtower giving false warnings for websites which are fine.

Andrew_AG

I'm not able to duplicate this for any of those sites in 1Password on my own Mac, so I'd like to ask you to create a Diagnostics Report from your Mac:
https://support.1password.com/diagnostics/mac-4.html

Then attach the entire file to an email to us: support+forum@agilebits.com

Please do not post your Diagnostics Report in the forums, but please do include a link to this thread in your email, along with your forum handle so that we can "connect the dots" when we see your Diagnostics Report in our inbox.

You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here so we can quickly track down the Report and ensure that it is dealt with quickly. :)

Once we see the report we should be able to better assist you. Thanks in advance!

[Deleted User]

Thanks @Andrew_AG. I have sent the diagnostic report into support+forum@agilebits.com. I look forward to hearing back from somebody in agilebits!

Andrew_AG

You're welcome, @stukey. :) As I mentioned previously, you should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here so we can quickly track down the Report and ensure that it is dealt with quickly.

[Deleted User]

@Andrew_AG Sorry forgot to post the support ID number, which is: LBH-35291-615

Andrew_AG

Got it. Thanks. I'll take a look and get back to you as quickly as possible.

jb510

Same problem. Dozens of logins are showing vulnerable even though WatchTower is totally disabled (has been for over a year): https://cloudup.com/cQeBenmRmDJ

I'll send in a diagnostic report too.

Andrew_AG

Thanks, @jb510. Let me know the Support ID Number too so I can take a look at it.

And @stukey, I haven't forgotten about you. I'm still digging into your report now that I'm back from my weekend. Thanks for your patience.

jb510

Andrew - #KFK-11515-324

Andrew_AG

Thank you, @jb510. I'll take a look at it and get back to you as quickly as I can.

mskopel

I am seeing several logins which have suddenly shown up under the Watchtower section as vulnerable. When I click on the "Learn more" link, the page that opens shows that the status is secure and not vulnerable to Watchtower.

My questions are, is Watchtower still an issue and, why am I seeing a Vulnerability Alert in 1P but a status page saying these particular sites are not vulnerable?

Thanks.

Andrew_AG

Hi @mskopel. I've merged your post into this existing discussion since it seems you're not the only one experiencing this. I've opened a bug report on this already, but if you could create a Diagnostics Report from your Mac, it would be helpful:
https://support.1password.com/diagnostics/mac-4.html

Then attach the entire file to an email to us: support+forum@agilebits.com

Please do not post your Diagnostics Report in the forums, but please do include a link to this thread in your email, along with your forum handle so that we can "connect the dots" when we see your Diagnostics Report in our inbox.

You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here so we can quickly track down the Report and ensure that it is dealt with quickly. :)

Once we see the report we should be able to better assist you. Thanks in advance!

ref: OPM-3003

mskopel

Done, here's the support id: AEL-72955-742

Thanks.

Andrew_AG

Thank you. I'll get that added to the bug report so our developers have more to go on.

Andrew_AG

I've already emailed @stukey, but for anybody else who might be experiencing this, we believe we've solved the mystery. It looks like the way Watchtower in the 1Password 5 for Mac app works is slightly different from the way Watchtower on our website works, hence the discrepancy when comparing the same URL in both, but it turns out that what you're seeing actually is technically what you should be seeing.

The confusion is created by the way https://watchtower.agilebits.com looks up vulnerabilities vs the way 1Password 5 for Mac does. The https://watchtower.agilebits.com site looks specifically at what you enter and makes a distinction between subdomain.domain.com and domain.com (for example) and only gives you the results for the actual domain name you enter, whereas the app looks at the whole domain (including all subdomains) no matter what variation of the domain name you enter, so if any variation of that domain was ever flagged as vulnerable by Watchtower it will show an alert in the app.

So, bottom line, your logins are probably fine, but in the interest of erring on the side of caution, we recommend changing the passwords for any items that are showing this alert anyway, just to be safe (and also to get rid of the alert banner too, of course).

danco

I've just checked myself, and found that for several of the sites, the site is not currently vulnerable and the certificate was reissued some time last year, but

"It can not be determined if the old certificates have been revoked"

Andrew_AG

@danco, are you seeing alerts in the 1Password 5 for Mac app for these sites, or is it just on the https://watchtower.agilebits.com site?

danco

I got the vulnerability alerts in 1PW5 on my Mac, for some sites, including important financial ones. When I click on the alert, it give a message and a Learn More button. When I click on Learn More, I get to the watchtower.agilebits site, which then gave me the message above on several of the sites shown as vulnerable in 1PW on the Mac.

Andrew_AG

@danco, can you let me know some examples so I can take a look at them?