Is "Secret Server Login Assist" on Firefox Add-ons Safe to Install?
Launch websites and pre-fill logins directly from Secret Server. Access secrets from within a login form on any website. Requirements: Secret Server (version 10.3.x or lower require a patch - please check the Thycotic support portal for more information) Secret Server must be accessible by HTTPS To use: Ensure you are logged in to Secret Server within Firefox. Click the toolbar button, enter your Secret Server URL (including any subdirectories) and save. Check password fields on any website for the Secret Server logo. This will give you access to all secrets for that site From within Secret Server, use the web password launcher from any secret to launch that site and pre-fill the login details.
Risk Assessment
Analyzed134 security findings detected across all analyzers
Firefox extension requesting 8 permissions
Severity Breakdown
Finding Categories
YARA Rules Matched
9 rules(16 hits)Requested Permissions
8 permissionsAccess and modify data on every website you visit
Read and modify cookies on all sites
Intercept, modify, and block all network requests
Block network requests before they complete
About This Extension
Detailed Findings
18 totalYARA Rule Matches
9 rulesIndicators of Compromise
Network indicators, suspicious strings, and potential IoCs extracted during analysis
All Indicators · 116
detected Domain: signingca1.addons.mozilla.org XIOC detected Domain: signingca1.addons.mozilla.org
extracted_from_files
detected Domain: ns.adobe.com XIOC detected Domain: ns.adobe.com
extracted_from_files
detected MD5 Hash: A3C6AE2DF8CF11E49F0BA18ADF3545A4 XIOC detected MD5 Hash: A3C6AE2DF8CF11E49F0BA18ADF3545A4
extracted_from_files
detected SHA256 Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de XIOC detected SHA256 Hash: 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
extracted_from_files
detected URL: http://www.w3.org/1999/02/22-rdf-syntax-ns# XIOC detected URL: http://www.w3.org/1999/02/22-rdf-syntax-ns#
extracted_from_files
detected URL: http://ns.adobe.com/xap/1.0/ XIOC detected URL: http://ns.adobe.com/xap/1.0/
extracted_from_files
detected URL: http://ns.adobe.com/xap/1.0/mm/ XIOC detected URL: http://ns.adobe.com/xap/1.0/mm/
extracted_from_files
detected URL: http://ns.adobe.com/xap/1.0/sType/ResourceRef# XIOC detected URL: http://ns.adobe.com/xap/1.0/sType/ResourceRef#
extracted_from_files
detected MD5 Hash: f6d92ea486a4be129f5001723d446f89 XIOC detected MD5 Hash: f6d92ea486a4be129f5001723d446f89
extracted_from_files
detected MD5 Hash: A3C6AE2EF8CF11E49F0BA18ADF3545A4 XIOC detected MD5 Hash: A3C6AE2EF8CF11E49F0BA18ADF3545A4
extracted_from_files
detected MD5 Hash: A3C6AE2FF8CF11E49F0BA18ADF3545A4 XIOC detected MD5 Hash: A3C6AE2FF8CF11E49F0BA18ADF3545A4
extracted_from_files
detected Domain: clickitem.click XIOC detected Domain: clickitem.click
extracted_from_files
detected Domain: icondiv.style.top XIOC detected Domain: icondiv.style.top
extracted_from_files
detected Domain: coords.top XIOC detected Domain: coords.top
extracted_from_files
detected Domain: el.style.top XIOC detected Domain: el.style.top
extracted_from_files
detected Domain: script.id XIOC detected Domain: script.id
extracted_from_files
detected URL: http://addons.mozilla.org/ca/crl.pem0N XIOC detected URL: http://addons.mozilla.org/ca/crl.pem0N
extracted_from_files
detected Domain: event.data XIOC detected Domain: event.data
extracted_from_files
detected Domain: event.data.tab XIOC detected Domain: event.data.tab
extracted_from_files
detected Domain: window.top XIOC detected Domain: window.top
extracted_from_files
detected Domain: offset.top XIOC detected Domain: offset.top
extracted_from_files
detected Domain: secret.name XIOC detected Domain: secret.name
extracted_from_files
detected Domain: window.location.host XIOC detected Domain: window.location.host
extracted_from_files
detected Domain: namepos.top-passpos.top XIOC detected Domain: namepos.top-passpos.top
extracted_from_files
detected Domain: y.fail XIOC detected Domain: y.fail
extracted_from_files
detected Domain: v.data XIOC detected Domain: v.data
extracted_from_files
detected Domain: h.open XIOC detected Domain: h.open
extracted_from_files
detected Domain: d.top XIOC detected Domain: d.top
extracted_from_files
detected Domain: j.id XIOC detected Domain: j.id
extracted_from_files
detected Domain: b.top-h.top XIOC detected Domain: b.top-h.top
extracted_from_files
detected Domain: b.using.call XIOC detected Domain: b.using.call
extracted_from_files
detected Domain: b.target XIOC detected Domain: b.target
extracted_from_files
detected Domain: this.name XIOC detected Domain: this.name
extracted_from_files
detected Domain: lb.host XIOC detected Domain: lb.host
extracted_from_files
detected Domain: j.host XIOC detected Domain: j.host
extracted_from_files
detected Domain: o.data XIOC detected Domain: o.data
extracted_from_files
detected Domain: o.global XIOC detected Domain: o.global
extracted_from_files
detected Domain: o.beforesend.call XIOC detected Domain: o.beforesend.call
extracted_from_files
detected Domain: g.empty.fire XIOC detected Domain: g.empty.fire
extracted_from_files
detected Domain: j.opts.start.call XIOC detected Domain: j.opts.start.call
extracted_from_files
detected Domain: j.opts.fail XIOC detected Domain: j.opts.fail
extracted_from_files
detected Domain: r.fx.off XIOC detected Domain: r.fx.off
extracted_from_files
detected Domain: d.old.call XIOC detected Domain: d.old.call
extracted_from_files
detected Domain: e.stop.call XIOC detected Domain: e.stop.call
extracted_from_files
detected Domain: finish.call XIOC detected Domain: finish.call
extracted_from_files
detected Domain: this.map XIOC detected Domain: this.map
extracted_from_files
detected Domain: b.top XIOC detected Domain: b.top
extracted_from_files
detected Domain: i.style XIOC detected Domain: i.style
extracted_from_files
detected Domain: this.now XIOC detected Domain: this.now
extracted_from_files
detected Domain: this.options.step.call XIOC detected Domain: this.options.step.call
extracted_from_files
detected Domain: a.elem.style XIOC detected Domain: a.elem.style
extracted_from_files
detected Domain: a.now XIOC detected Domain: a.now
extracted_from_files
detected Domain: this.target XIOC detected Domain: this.target
extracted_from_files
detected Domain: r.now XIOC detected Domain: r.now
extracted_from_files
detected Domain: this.off XIOC detected Domain: this.off
extracted_from_files
detected Domain: f.events XIOC detected Domain: f.events
extracted_from_files
detected Domain: g.events XIOC detected Domain: g.events
extracted_from_files
detected Domain: q.call XIOC detected Domain: q.call
extracted_from_files
detected Domain: b.events XIOC detected Domain: b.events
extracted_from_files
detected Domain: k.predispatch.call XIOC detected Domain: k.predispatch.call
extracted_from_files
detected Domain: r.event.handlers.call XIOC detected Domain: r.event.handlers.call
extracted_from_files
detected Domain: b.data XIOC detected Domain: b.data
extracted_from_files
detected Domain: g.data XIOC detected Domain: g.data
extracted_from_files
detected Domain: k.postdispatch.call XIOC detected Domain: k.postdispatch.call
extracted_from_files
detected Domain: a.target XIOC detected Domain: a.target
extracted_from_files
detected Domain: this.click XIOC detected Domain: this.click
extracted_from_files
detected Domain: ma.td XIOC detected Domain: ma.td
extracted_from_files
detected Domain: q.events XIOC detected Domain: q.events
extracted_from_files
detected Domain: l.setup.call XIOC detected Domain: l.setup.call
extracted_from_files
detected Domain: l.add.call XIOC detected Domain: l.add.call
extracted_from_files
detected Domain: r.event.global XIOC detected Domain: r.event.global
extracted_from_files
detected Domain: l.remove.call XIOC detected Domain: l.remove.call
extracted_from_files
detected Domain: l.teardown.call XIOC detected Domain: l.teardown.call
extracted_from_files
detected Domain: b.map XIOC detected Domain: b.map
extracted_from_files
detected Domain: f.empty.fire XIOC detected Domain: f.empty.fire
extracted_from_files
detected Domain: a.style XIOC detected Domain: a.style
extracted_from_files
detected Domain: r.style XIOC detected Domain: r.style
extracted_from_files
detected Domain: d.style XIOC detected Domain: d.style
extracted_from_files
detected Domain: this.show XIOC detected Domain: this.show
extracted_from_files
detected Domain: ma.th XIOC detected Domain: ma.th
extracted_from_files
detected Domain: b.id XIOC detected Domain: b.id
extracted_from_files
detected Domain: b.next XIOC detected Domain: b.next
extracted_from_files
detected Domain: e.call XIOC detected Domain: e.call
extracted_from_files
detected Domain: ga.select XIOC detected Domain: ga.select
extracted_from_files
detected Domain: j.call XIOC detected Domain: j.call
extracted_from_files
detected Domain: b.name XIOC detected Domain: b.name
extracted_from_files
detected Domain: d.call XIOC detected Domain: d.call
extracted_from_files
detected Domain: m.top XIOC detected Domain: m.top
extracted_from_files
detected Domain: ga.support XIOC detected Domain: ga.support
extracted_from_files
detected Domain: e.top XIOC detected Domain: e.top
extracted_from_files
detected Domain: d.filter.id XIOC detected Domain: d.filter.id
extracted_from_files
detected Domain: d.find.id XIOC detected Domain: d.find.id
extracted_from_files
detected Domain: s.call XIOC detected Domain: s.call
extracted_from_files
detected Domain: c.call XIOC detected Domain: c.call
extracted_from_files
detected Domain: a.call XIOC detected Domain: a.call
extracted_from_files
detected Domain: k.call XIOC detected Domain: k.call
extracted_from_files
detected Domain: l.call XIOC detected Domain: l.call
extracted_from_files
detected Domain: b.call XIOC detected Domain: b.call
extracted_from_files
detected Domain: h.call XIOC detected Domain: h.call
extracted_from_files
detected Domain: i.call XIOC detected Domain: i.call
extracted_from_files
detected Domain: date.now XIOC detected Domain: date.now
extracted_from_files
detected Domain: e.data XIOC detected Domain: e.data
extracted_from_files
detected Domain: tab.id XIOC detected Domain: tab.id
extracted_from_files
detected Domain: sender.tab XIOC detected Domain: sender.tab
extracted_from_files
detected Domain: jquery.org XIOC detected Domain: jquery.org
extracted_from_files
detected Domain: m.call XIOC detected Domain: m.call
extracted_from_files
detected Domain: f.call XIOC detected Domain: f.call
extracted_from_files
detected Domain: r.map XIOC detected Domain: r.map
extracted_from_files
detected Domain: mozilla.com XIOC detected Domain: mozilla.com
extracted_from_files
detected Domain: addons.mozilla.org XIOC detected Domain: addons.mozilla.org
extracted_from_files
detected Domain: content-signature.mozilla.org XIOC detected Domain: content-signature.mozilla.org
extracted_from_files
detected Domain: thycotic.com XIOC detected Domain: thycotic.com
extracted_from_files
detected Domain: t8bd9f2ce223986cce5be78bd95782a49.f6d92ea486a4be129f5001723d446f89.addons.mozilla.org XIOC detected Domain: t8bd9f2ce223986cce5be78bd95782a49.f6d92ea486a4be129f5001723d446f89.addons.mozilla.org
extracted_from_files
detected Domain: www.w3.org XIOC detected Domain: www.w3.org
extracted_from_files
detected MD5 Hash: A3C6AE2CF8CF11E49F0BA18ADF3545A4 XIOC detected MD5 Hash: A3C6AE2CF8CF11E49F0BA18ADF3545A4
extracted_from_files
Security Analysis Summary
Security Analysis Overview
Secret Server Login Assist is a Firefox Add-ons extension published by Delinea. Version 2.1.1 has been analyzed by the Risky Plugins security platform, receiving a risk score of 58.98/100 (MEDIUM risk) based on 134 security findings.
Risk Assessment
This extension presents moderate security risk. Several findings were detected that may warrant attention. Users should carefully review the permissions and findings before installation.
Findings Breakdown
- High: 16 finding(s)
- Medium: 118 finding(s)
What Was Analyzed
The security assessment covers multiple analysis categories:
- Malware Detection: YARA rule matching against 2,400+ malware signatures
- Secret Detection: Scanning for exposed API keys, tokens, and credentials
- Static Analysis: Code-level security analysis for common vulnerability patterns
- Network Analysis: Detection of suspicious network communications and endpoints
- Obfuscation Detection: Identification of code obfuscation techniques
Developer Information
Secret Server Login Assist is published by Delinea on the Firefox Add-ons marketplace. The extension has approximately 104 users.
Recommendation
Exercise caution with this extension. Review the detailed findings and ensure the requested permissions align with the extension's stated functionality before installation.
Source Code Not Available
Source code is not available for this version of the extension.
Frequently Asked Questions
Similar Extensions
Related extensions from the same publisher or marketplace
Delinea Web Password Filler
Delinea
Delinea Web Password Filler
Delinea
Delinea Credential Manager
Delinea
Delinea Credential Manager
Delinea
Secret Server Login Assist
Delinea
Secret Server Utilities for Firefox
Delinea