-
Notifications
You must be signed in to change notification settings - Fork 292
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to login with lpass cli #653
Comments
#540 seems related |
Hi, Same here. May be, you can update theses informations ? |
I am also suddenly seeing this issue. |
Hello! Just for clarification, the maintainer is the one responsible for updating pins.h, correct? It's not something we, as users, can modify ourselves to resolve the issue, is it? |
We might be able to gather the missing information by retrieving the fingerprints of each certificate and modifying the relevant file through a pull request. |
I did extract a pin from the cert presented to me using So this really does look to be problem. |
@NikitaCOEUR They do seem fairly responsive - my phonecall to support referred me to this issue tracker :D |
I've just opened a support ticket via the portal for them to look into it... |
I just got off the phone with support, extremely unhelpful they simply said "We don't support this" no explanation as to why or any other information. |
I'm trying to find the file pins.h after installing the lastpass-cli, but I couldn't find it. Could you please add more details about where we should edit? |
@aha-sage you need to pull down the repo and build it. |
You'll have to build from source by cloning this repo first. |
build instructions on a mac, you may need to run
|
I am getting this error after updating the pins.h and attempting to run make to build
|
Steps to remediate (I'm on macOS):
Note: on macOS, I received the following error: "/bin/sh: cmake: command not found Which was resolved by installing cmake using Brew: |
|
Its working for me now, Thanks everyone for your help. Summarization for mac users
|
Full instructions for Homebrew users who have a recipe development environment ready (homebrew-core checked out):
|
Unable to build on Ubuntu 20.04.3, maybe I'm missing something obvious?
|
@GavinKingston, to make your build-from-source process work on Apple silicon, I had to override the binary in sudo mv ~/Downloads/lastpass-cli/usr/bin/lpass `which lpass` |
Try:
|
@whatsupdox That was it, thank you! |
You all are awesome :) |
@GavinKingston tried your solution and I keep getting
|
For anyone who needs to script this patch (for example, if you have a docker container which builds lastpass cli, like my team does), here is a single line
In our case the path we extract the source to is |
Steps to build, Fedora Linux:
|
This is a very nice solution and also working on macOS... However It looks to me as your are trusting/importing the public key of the new lastpass.com server certificate and not the new CA root certificate? I think you should import the public key of the new GlobalSign ECC R5 CA root instead or else we will have the same issue next year when they renew the server certificate for lastpass.com again. I've just tried to add the hash for the GlobalSign ECC R5 CA root to pins.h instead and it it working for me. Regards, Jake |
Please also open tickets via support so they are aware of the issue and this gets fixed.
I want to keep trusting them after the recent security breach, but breaking my workflows and refusing to have that fixed would be the final nail in the coffin. I'll wait the response for my ticket, but if I get the same one I'll be migrating to an alternative. |
I created a simple python script to patch the current Ubuntu 22 version (and maybe others). import sys
import os
import hashlib
hashfile = lambda data: hashlib.sha1(data).hexdigest()
VERSIONS = [
# (name, input_sha1, output_sha1)
("1.3.3-4build1 (Ubuntu 22)", "b7a18df897cff95d52f6d3ec279c7b1d2caf798b", "e6cb221fca7f511eb91b1bb2fa6ea86347bf1fce"),
]
PATCHES = [
# current lastpass.com primary (leaf)
(b"0hkr5YW/WE6Nq5hNTcApxpuaiwlwy5HUFiOt3Qd9VBc=", b"YDjIAXSYj+mh+25FGifAiKN4oNOAj+as6gQv4naQG0M="),
# current lastpass.eu primary (leaf)
(b"8CzY4qWQKZjFDwHXTOIpsVfWkiVnrhQOJEM4Q2b2Ar4=", b"SjMnNhjAyVM5Yv6O5JaQgNygBTU0wdb8Jz3mfQfTc28="),
# GlobalSign ECC OV SSL CA 2018 intermediate CA
(b"SQAWwwYXoceSd8VNbiyxspGXEjFndkklEO2XzLMts10=", b"OD/WDbD3VsfMwwNzzy9MWd9JXppKB77Vb3ST2wn9meg="),
]
def main(filename):
orig_bin = open(filename, "rb").read()
current_hash = hashfile(orig_bin)
print("Detecting lpass version...")
expected_output_hash = None
for name, input_hash, output_hash in VERSIONS:
if input_hash == current_hash:
print("Detected version %s, with hash %s" % (name, input_hash,))
expected_output_hash = output_hash
break
else:
print("Unknown version with hash %s" % (current_hash,))
sys.exit(1)
print("Backing up original binary...")
open(filename + ".original.bak", "wb").write(orig_bin)
print("Creating patch...")
new_bin = orig_bin
for old_pk, new_pk in PATCHES:
new_bin = new_bin.replace(old_pk, new_pk)
print("Verifying patch...")
assert hashfile(new_bin) == expected_output_hash, \
"Patch verification failed, not patching"
open(filename + ".patched.bak", "wb").write(orig_bin)
print("Writing patch...")
open(filename, "wb").write(new_bin)
os.system("chmod +x %s" % (filename,))
print("Done!\n\n")
os.system("ls -l /usr/bin/lpass*")
os.system("sha1sum /usr/bin/lpass*")
if len(sys.argv) != 2:
print("Usage: patch.py LastPassBinaryPath")
sys.exit(1)
main(sys.argv[1]) |
|
@whatsupdox |
@nowakca See https://docs.brew.sh/How-To-Open-a-Homebrew-Pull-Request for how to open a pull request to notify the brew maintainers that their is a new release and for the formula should be updated. |
v1.3.5 has been released by LastPass now. At this point, it's up OS packagers to package the new version. https://github.com/lastpass/lastpass-cli/releases/tag/v1.3.5 |
Looks like the homebrew push went... Across my various test Macs which were in various phases of workarounds, the following was able to get them working again
I was able to login and access my vault. Weirdly, even though homebrew's output showed 1.3.5, I haven't looked at what specfically the homebrew bit linked to, but something seems off. Though it still functioned. (just makes it hard to detect versions for update scripts) |
I've opened a bug report for Fedora to bump their |
Tracked for Ubuntu for a 1.3.5 bump at: https://bugs.launchpad.net/ubuntu/+source/lastpass-cli/+bug/2033664 |
Until the Arch Linux package is updated to 1.3.5, you can use the following steps to produce the same result on that OS.
The result should be identical to what the official release would do once it is out.
|
LastPass changed their SSL certificate, but the LastPass client was not updated to reflect those changes. In practice, this broke version 1.3.3 of `lpass`. Since then, a new version has been released on GitHub, but the source repositories of `apt-get` have not been updated (yet). For more information, see: lastpass/lastpass-cli#653 This commit installs the latest version from GitHub instead of using `apt-get`.
LastPass changed their SSL certificate, but the LastPass client was not updated to reflect those changes. In practice, this broke version 1.3.3 of `lpass`. Since then, a new version has been released on GitHub, but the source repositories of `apt-get` have not been updated (yet). For more information, see: lastpass/lastpass-cli#653 This commit installs the latest version from GitHub instead of using `apt-get`.
LastPass changed their SSL certificate, but the LastPass client was not updated to reflect those changes. In practice, this broke version 1.3.3 of `lpass`. Since then, a new version has been released on GitHub, but the source repositories of `apt-get` have not been updated (yet). For more information, see: lastpass/lastpass-cli#653 This commit installs the latest version from GitHub instead of using `apt-get`.
LastPass changed their SSL certificate, but the LastPass client was not updated to reflect those changes. In practice, this broke version 1.3.3 of `lpass`. Since then, a new version has been released on GitHub, but the source repositories of `apt-get` have not been updated (yet). For more information, see: lastpass/lastpass-cli#653 This commit installs the latest version from GitHub instead of using `apt-get`.
LastPass changed their SSL certificate, but the LastPass client was not updated to reflect those changes. In practice, this broke version 1.3.3 of `lpass`. Since then, a new version has been released on GitHub, but the source repositories of `apt-get` have not been updated (yet). For more information, see: lastpass/lastpass-cli#653 This commit installs the latest version from GitHub instead of using `apt-get`.
LastPass changed their SSL certificate, but the LastPass client was not updated to reflect those changes. In practice, this broke version 1.3.3 of `lpass`. Since then, a new version has been released on GitHub, but the source repositories of `apt-get` have not been updated (yet). For more information, see: lastpass/lastpass-cli#653 This commit installs the latest version from GitHub instead of using `apt-get`.
Works for me on Ubuntu 20.04.6 LTS. |
LastPass changed their SSL certificate, but the LastPass client was not updated to reflect those changes. In practice, this broke version 1.3.3 of `lpass`. Since then, a new version has been released on GitHub, but the source repositories of `apt-get` have not been updated (yet). For more information, see: lastpass/lastpass-cli#653 This commit installs the latest version from GitHub instead of using `apt-get`.
On Debian 12, needs to have static keyword at the beggining of line 7 & 8 of |
@eldadpuzach How did you update lastpass-cli on Ubuntu? I just checked and apt-get is not yet listing the new version. |
The Arch Linux package for 1.3.5 has been released now. @kkomissarchik Until the official package is out, you could follow the instructions to build from source on Ubuntu: https://github.com/lastpass/lastpass-cli#debianubuntu You might want to use a tool like CheckInstall, which can end up creating a |
If you've got this as a gist or code snippet somewhere, I've got the bits I added to make this work on 20.04 as well that I'd be happy to share around. |
Hi guys, |
1.3.6 release has the fix for this issue. |
The latest version 1.3.6 doesn't appear to have been published to the apt repositories. |
Could you please specify which Linux distribution you want to get the update on? Or the other comment solved your issue as well? (Which I cannot see here anymore...) |
Ubuntu
…On Tue, 9 Jan 2024, 3:55 am bormosLP, ***@***.***> wrote:
Could you please specify which Linux distribution you want to get the
update on?
—
Reply to this email directly, view it on GitHub
<#653 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAG32ODQQCQRK272FPNUYTLYNQQHJAVCNFSM6AAAAAA4DHXKD2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQOBRGQ3DONZWGI>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
For Ubuntu we have a ticket here for 1.3.6: https://bugs.launchpad.net/ubuntu/+source/lastpass-cli/+bug/2033664 |
Just rebuilt lpass for AntiX on Debian 11, thanks! |
When running
lpass login john@doe.com
, I get Error: SSL peer certificate or SSH remote key was not OK.It appears the SSL certificate was updated earlier today, could this be related?
The text was updated successfully, but these errors were encountered: