
kolab: password disclosure

Package(s): kolab
CVE #(s): 
Created: May 5, 2004
Updated: May 27, 2004
Description: Kolab stores passwords in plain text, and these passwords can be read from the underlying LDAP database. See this advisory for more information.
Alerts:
Mandrake MDKSA-2004:052 2004-05-26
OpenPKG OpenPKG-SA-2004.019 2004-05-05


kolab server: password disclosure

Posted May 7, 2004 10:11 UTC (Fri) by ber (subscriber, #2142) [Link]

As the continued discussion on the list showed,
the problem was not that "passwords are stored in plaintext".
It does not matter much if they are stored in plaintext,
because if you can read the hashed version, this is also bad.

The email pointed out the problem that early files
containing the LDAP root password had wrong permissions.
This is a local exploit that exposes the LDAP directory,
which might contain Kolab user passwords.
The Kolab1 design aimed at use on a dedicated server without
user accounts, which partly explains how the problem was found too late.
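The hole the comment above describes is a file-permission problem: a file holding the LDAP root password that is readable by local users. The following is an added example, not code from Kolab or from the commenter, of the check an administrator would run against such files. The paths in SENSITIVE_FILES are assumptions for illustration (the page does not name the affected files), and the demo uses a constructed temporary file instead of a real configuration.

```python
import os
import stat
import tempfile

# Paths are assumptions for this example; the comment above does not say
# which early Kolab files carried the LDAP root password.
SENSITIVE_FILES = ["/etc/kolab/kolab.conf", "/etc/openldap/slapd.conf"]


def permission_problems(path, allowed_uids=(0,)):
    """Return the reasons why `path` is unsafe for a file that holds a
    directory root (manager) password.  An empty list means the file is
    owner-only and owned by one of `allowed_uids`."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    problems = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append("readable by group or others (mode %04o)" % mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others (mode %04o)" % mode)
    if st.st_uid not in allowed_uids:
        problems.append("owned by uid %d, expected one of %s"
                        % (st.st_uid, list(allowed_uids)))
    return problems


def audit(paths, allowed_uids=(0,)):
    """Check every existing path in `paths`.  Missing files are skipped:
    a file that does not exist cannot leak a password."""
    report = {}
    for path in paths:
        if os.path.exists(path):
            report[path] = permission_problems(path, allowed_uids)
    return report


def demo():
    """Constructed input: a temporary file standing in for a config file
    that contains the root password, first world-readable, then owner-only."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    me = os.getuid()
    try:
        os.chmod(path, 0o644)
        before = permission_problems(path, allowed_uids=(me,))
        os.chmod(path, 0o600)
        after = permission_problems(path, allowed_uids=(me,))
    finally:
        os.unlink(path)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("mode 0644:", before)   # one problem: readable by group or others
    print("mode 0600:", after)    # []
    for path, problems in audit(SENSITIVE_FILES).items():
        print(path, "OK" if not problems else "; ".join(problems))
```

The owner check matters as much as the mode bits: a 0600 file owned by an unprivileged account is still readable by whoever controls that account, so the audit takes the set of acceptable owners as a parameter rather than assuming root.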

kolab server: password disclosure

Posted Jun 3, 2004 9:31 UTC (Thu) by ekj (subscriber, #1524) [Link]

But not nearly as bad.

If you can read the plaintext passwords, it means that not only has that server immediately lost its entire password database, but also, any user who used the same password on more than one site is compromised across all those sites.

Had they used something more sane, like NOT storing the password, but instead storing something like sha1sum(<password>,<salt>), <salt>, then even an attacker who had obtained the password file would need to brute-force by, for each user, guessing the password, hashing it and testing whether the hash fits.

Practically, this would mean that users who have good, long, high-entropy passwords have a fair chance their passwords will *not* be compromised.

This design, and the rationale behind it, has been *extremely* well known for at least the last few *decades*. There's no excuse for neglecting it in any project these days.

You're of course right that *also* the password info should've been unreadable. But security in depth ain't that dumb of a concept. Even if you *intend* to prevent people from reading the password file, it *STILL* makes sense to design so as to minimize the impact if reading of the password file still happens somehow.
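The scheme the comment above describes, storing sha1sum(<password>,<salt>) together with the salt, as an added example that is not from Kolab or from the commenter. It keeps SHA-1 to match the comment; a deployment today would use a deliberately slow KDF (scrypt, PBKDF2 or argon2) in place of the single hash. The function names, the record layout and the sample accounts and wordlist are constructed for this example. crack_records shows the attacker's side of the argument: with a per-user salt, every user costs a separate pass over the wordlist, and a password that is not in the wordlist is not recovered.

```python
import hashlib
import hmac
import os

SALT_BYTES = 16  # per-user random salt, stored beside the digest


def hash_password(password, salt):
    """The comment's construction: a single SHA-1 over salt and password."""
    return hashlib.sha1(salt + password.encode("utf-8")).digest()


def store_password(password, salt=None):
    """What the server keeps: (digest, salt).  The plaintext is never stored."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    return hash_password(password, salt), salt


def verify_password(password, record):
    digest, salt = record
    return hmac.compare_digest(hash_password(password, salt), digest)


def crack_records(records, wordlist):
    """What an attacker who has read the password file must do: for every
    user, guess a password, hash it with that user's salt and compare.
    Returns (passwords recovered by user, number of hashes computed).
    Because each salt differs, no work is shared between users."""
    recovered = {}
    hashes = 0
    for user, (digest, salt) in records.items():
        for guess in wordlist:
            hashes += 1
            if hash_password(guess, salt) == digest:
                recovered[user] = guess
                break
    return recovered, hashes


def demo():
    """Constructed sample: two accounts with a weak password that appears in
    the attacker's wordlist and one with a long random password."""
    records = {
        "alice": store_password("password"),
        "bob": store_password("password"),
        "carol": store_password("z8!Rq2#vL0wM9$kT3pX"),
    }
    wordlist = ["123456", "letmein", "password", "qwerty"]
    recovered, hashes = crack_records(records, wordlist)
    return records, recovered, hashes


if __name__ == "__main__":
    records, recovered, hashes = demo()
    # Same password, different salt: the stored digests differ, so a table
    # of precomputed hashes does not help the attacker.
    print(records["alice"][0] != records["bob"][0])  # True
    print(recovered)   # alice and bob recovered, carol not
    print(hashes)      # 3 + 3 + 4 = 10 hash computations
```

Had the server stored plaintext instead, the same read access would have yielded every password at once, including carol's, with no hashing at all; that is the difference between the two comments' positions.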

kolab server: password disclosure

Posted Jun 4, 2004 14:48 UTC (Fri) by ber (subscriber, #2142) [Link]

That the passwords were readable was the security hole; saving them hashed makes exploitation harder. The original announcement was imprecise about what the hole was. Of course it is good to save the passwords hashed, but unless you expose them, it is not a real hole.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds