I'm not sure if this is truly a vulnerability, but I thought I'd put it out there for discussion.
openldap 2.4.6 bdb backend ppolicy overlay
I have set up so a default ppolicy such that 3 old passwords are stored in a users pwdHistory attribute.
When I back up the bdb database via slapcat -l backup.ldif the userPassword field looks to be Base64 hashed.
userPassword:: e1NTSEF9VWFTNDNVDRWEx1QzEyWjASGVWc0VZHRNTmt4M1c=
but the passwd history leaves the passwd hashes visible.
pwdHistory: 20071203220105Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}wAuvjfMkMyKKHcMV1Tg7qiG0x4
Obviously these backup LDIF files are keep as secure as possible, and these are OLD passwds, but should the pwdHistory attribute also be hashed when being slapcated?
Scott
I imagine the question would be if this is successful or not -- i.e., if you have a userPassword -> pwdHistory value with high characters and attempt to reuse it later, does this allow the password to be improperly reused? If you've got some data where this is happening and can run that experiment, that'd be a good data point.
On Mon, 3 Dec 2007, Scott Classen wrote:
I'm not sure if this is truly a vulnerability, but I thought I'd put it out there for discussion.
openldap 2.4.6 bdb backend ppolicy overlay
I have set up so a default ppolicy such that 3 old passwords are stored in a users pwdHistory attribute.
When I back up the bdb database via slapcat -l backup.ldif the userPassword field looks to be Base64 hashed.
userPassword:: e1NTSEF9VWFTNDNVDRWEx1QzEyWjASGVWc0VZHRNTmt4M1c=
but the passwd history leaves the passwd hashes visible.
pwdHistory: 20071203220105Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}wAuvjfMkMyKKHcMV1Tg7qiG0x4
Obviously these backup LDIF files are keep as secure as possible, and these are OLD passwds, but should the pwdHistory attribute also be hashed when being slapcated?
Scott
Scott Classen writes:
I'm not sure if this is truly a vulnerability, but I thought I'd put it out there for discussion. (...) When I back up the bdb database via slapcat -l backup.ldif the userPassword field looks to be Base64 hashed. (...) but the passwd history leaves the passwd hashes visible.
If you can get at the base64 representation, you can also base64-decode it. However if a userPassword contains a plaintext password and is not base64-encoded, you can then accidentally display the password for others to see. I think that's why userPassword is displayed in base64.
I don't remember if pwdHistory can contain a currently active password? Otherwise it doesn't seem much of a problem.
But this reminds me - there are also back-config attributes which contain passwords, in particular olcRootPW. I'm not sure that is a problem though. Hopefully people are more careful with who is looking when they are playing with cn=config, in particular if they have plaintext passwords there. And base64-encoding it could frustrate people who _want_ to read it. I don't know whether the best approach is to base64 those attributes or leave them alone.
I'm not sure if this is truly a vulnerability, but I thought I'd put it
out there for discussion.
I have set up so a default ppolicy such that 3 old passwords are stored
in a users pwdHistory attribute.
When I back up the bdb database via slapcat -l backup.ldif the
userPassword field looks to be Base64
hashed.
userPassword:: e1NTSEF9VWFTNDNVDRWEx1QzEyWjASGVWc0VZHRNTmt4M1c=
but the passwd history leaves the passwd hashes visible.
pwdHistory:
20071203220105Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}wAuvjfMkMyKKHcMV1 Tg7qiG0x4
Obviously these backup LDIF files are keep as secure as possible, and
these are OLD passwds, but
should the pwdHistory attribute also be hashed when being slapcated?
Keep in mind that base 64 encoded hashing is NOT any form of encryption - i.e. it's reversible, and you don't have to "know" anything secret to decode it, so the fact that one is base64 hashed and one is not really provides no true security benefit (other than very minimal obscuring so that you can't see passwords at a quick glance) and doesn't create any real security hole. The main reason for base64 encoding attributes in LDAP, as far as I've ever heard, is just to ensure binary values are 7 bit ascii text file safe for import/export. Base64 is definitely not something to consider as a security mechanism. The ssha hash is what "protects" the password (i.e. it IS encryption). You want to prevent people from seeing that hash (i.e. acl's to prevent seeing it via LDAP lookups, secure the slapcat output, etc) because it is possible to come up with a valid password using the ssha hash (brute forcing it offline, or I'm sure there are huge precomputed db's of ssha hashes out there, etc), but the base64 encoding itself is a minimum to none barrier to any of this.
My biggest question would be why these 2 attributes are treated differently - i.e. are userpassword and pwdhistory different types or something to trigger different behaviour, or does slapcat just hardcode userpassword as an attribute to base64 hash, etc?
- Jeff
Clowser, Jeff (Contractor) writes:
My biggest question would be why these 2 attributes are treated differently - i.e. are userpassword and pwdhistory different types or something to trigger different behaviour, or does slapcat just hardcode userpassword as an attribute to base64 hash, etc?
slapcat and ldapsearch (via liblutil/ldif.c) hardcode that userPassword is base64-encoded. So are '<attribute>;binary', attribute values which contain 8-bit characters, and some other special cases.
On Dec 4, 2007, at 7:06 AM, Clowser, Jeff (Contractor) wrote:
I'm not sure if this is truly a vulnerability, but I thought I'd put it
out there for discussion.
I have set up so a default ppolicy such that 3 old passwords are stored
in a users pwdHistory attribute.
When I back up the bdb database via slapcat -l backup.ldif the
userPassword field looks to be Base64
hashed.
userPassword:: e1NTSEF9VWFTNDNVDRWEx1QzEyWjASGVWc0VZHRNTmt4M1c=
but the passwd history leaves the passwd hashes visible.
pwdHistory:
20071203220105Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA} wAuvjfMkMyKKHcMV1 Tg7qiG0x4
Obviously these backup LDIF files are keep as secure as possible, and
these are OLD passwds, but
should the pwdHistory attribute also be hashed when being slapcated?
Keep in mind that base 64 encoded hashing is NOT any form of encryption
- i.e. it's reversible, and you don't have to "know" anything
secret to decode it, so the fact that one is base64 hashed and one is not really provides no true security benefit (other than very minimal obscuring so that you can't see passwords at a quick glance) and doesn't create any real security hole. The main reason for base64 encoding attributes in LDAP, as far as I've ever heard, is just to ensure binary values are 7 bit ascii text file safe for import/export. Base64 is definitely not something to consider as a security mechanism. The ssha hash is what "protects" the password (i.e. it IS encryption). You want to prevent people from seeing that hash (i.e. acl's to prevent seeing it via LDAP lookups, secure the slapcat output, etc) because it is possible to come up with a valid password using the ssha hash (brute forcing it offline, or I'm sure there are huge precomputed db's of ssha hashes out there, etc), but the base64 encoding itself is a minimum to none barrier to any of this.
My biggest question would be why these 2 attributes are treated differently - i.e. are userpassword and pwdhistory different types or something to trigger different behaviour, or does slapcat just hardcode userpassword as an attribute to base64 hash, etc?
- Jeff
Aha, I see. I guess a simple google search could have told me that base64 is not an encryption algorithm. I appreciate the responses.
Scott
:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~: Scott Classen, Ph.D. SIBYLS Beamline 12.3.1 Advanced Light Source Lawrence Berkeley National Laboratory 1 Cyclotron Road, MS6R2100 c) 510.206.4418 o) 510.495.2697 beamline) 510.495.2134 :~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:
openldap-software@openldap.org
-
Aaron Richton -
Clowser, Jeff (Contractor) -
Hallvard B Furuseth -
Scott Classen