Security concern
ProtectedKeyProvider uses DataProtectionScope.LocalMachine when calling ProtectedData.Unprotect:
return ProtectedData.Unprotect(encrypted, null, DataProtectionScope.LocalMachine);
This means any process running on the machine — even under a low-privilege user — can decrypt the AES key file. Additionally, no entropy (second parameter) is provided, further reducing the protection.
Impact
If an attacker gains any code execution on the host, they can read and decrypt the key file used by Servy to protect service credentials.
Suggested fix
- Consider using DataProtectionScope.CurrentUser if the service account is consistent
- Add an entropy parameter (additionalEntropy) to restrict decryption further
File
src/Servy.Core/Security/ProtectedKeyProvider.cs — line 82
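The two suggested changes, shown beside the machine-scope pattern the issue describes. This is an added example, not Servy's code: the class name, method names and entropy value are hypothetical, and it assumes Windows, where ProtectedData (DPAPI) is available.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example; every name here is hypothetical and not part of Servy.
public static class DpapiScopeDemo
{
    // Constructed sample value. Entropy only narrows access while it is harder
    // to obtain than the key file; keep it out of the same directory.
    private static readonly byte[] Entropy =
        Encoding.UTF8.GetBytes("example-app-entropy-v1");

    // Pattern described in the issue: machine scope, no entropy.
    // Any account on the host can unprotect a blob created this way.
    public static byte[] ProtectMachineWide(byte[] key) =>
        ProtectedData.Protect(key, null, DataProtectionScope.LocalMachine);

    // Suggested pattern: bound to the calling account, plus entropy.
    public static byte[] ProtectForCurrentUser(byte[] key) =>
        ProtectedData.Protect(key, Entropy, DataProtectionScope.CurrentUser);

    public static byte[] UnprotectForCurrentUser(byte[] blob) =>
        ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);

    public static void Main()
    {
        // Constructed 256-bit key standing in for the AES key file contents.
        byte[] aesKey = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(aesKey);

        byte[] blob = ProtectForCurrentUser(aesKey);
        byte[] roundTrip = UnprotectForCurrentUser(blob);
        Console.WriteLine("round trip ok: " + aesKey.SequenceEqual(roundTrip));

        try
        {
            // Same account, but without the entropy value: DPAPI refuses.
            ProtectedData.Unprotect(blob, null, DataProtectionScope.CurrentUser);
            Console.WriteLine("unexpected: decrypted without entropy");
        }
        catch (CryptographicException)
        {
            Console.WriteLine("rejected without entropy");
        }
    }
}
```

A key file already protected under LocalMachine stays readable machine-wide until it is decrypted and protected again with the new scope and entropy. CurrentUser scope ties the blob to one account, so the component that writes the key file and the service that reads it must run as the same user.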