View ProjeQtOr On SourceForge.net
ProjeQtOr - Project Management Tool
Supportez nous sur Capterra
OIN - Open Invention Network
ProjeQtOr free project management software - MAJOR - Security Bug with LDAP authentication - ProjeQtOr

Prochaines sessions de formation

Les prochaines formations et démonstrations sont ouvertes, inscrivez-vous rapidement !

 

Démonstration de ProjeQtOr

(gratuit, sur inscription)

Mardi 23 avril (10h30-12h)

Jeudi 16 mai (16h-17h30)

Jeudi 13 juin (10h30-12h)

  
 

Planifiez avec ProjeQtOr

3 et 4 avril (9h - 12h30)

  
 

Administrez avec ProjeQtOr

10 et 11 avril (9h - 12h30)

  

 

 
 

MAJOR - Security Bug with LDAP authentication

More
09 Juil 2014 21:49 #1 by neopk
MAJOR - Security Bug with LDAP authentication was created by neopk
Hi,

I discovered a bug when we use LDAP authentication.
I put LDAP username in login input, then i submit login with empty password, we obtain a successfull authentication.

TO fix the problem i modified the /tool/loginCheck.php file on line 21 : replace if ($password=="") {...} by if (AesCtr::decrypt($password, $_SESSION=="") . Password is encrypt, so $password is never empty, then when the function ldap_bind (/model/User.php line 798) is used, it always return true because of empty password.

Thank you.

Please Connexion or Create an account to join the conversation.

More
09 Juil 2014 22:35 #2 by babynus
Replied by babynus on topic MAJOR - Security Bug with LDAP authentication
Hi,

Thank you for this acurate analysis.

What seems strange to me is that code on line 805 in User.php should refuse empty password.
if (! $bind_user or !$parampassword) {
//debugLog("incorrect binding");			
				return "login";
			}
Moreover, try and disable anonymous connection to your LDAP : empty password should fail.

Anyway, your proposale is cute and will secure this phase.
I will include it in next patch version (V4.3.3)
Thanks.
Babynus
Administrator of ProjeQtOr web site
The following user(s) said Thank You: neopk

Please Connexion or Create an account to join the conversation.

More
09 Juil 2014 22:51 #3 by neopk
Replied by neopk on topic MAJOR - Security Bug with LDAP authentication
Indeed, this verification seems not to be in 4.1.2 version (we are again on this version), so this bug is probably not on lastests versions. I apologize !

Maybe it will not be fixed yet next time. :)

Thanks for your reply.

Please Connexion or Create an account to join the conversation.

More
10 Juil 2014 14:21 #4 by mdocken
Replied by mdocken on topic MAJOR - Security Bug with LDAP authentication
I am on 4.3.2 with ldap auth. It refuses blank password.

Please Connexion or Create an account to join the conversation.

Moderators: babynusprotion
Time to create page: 0.039 seconds

Paramétrages de cookies

×

Cookies fonctionnels

Ce site utilise des cookies pour assurer son bon fonctionnement et ne peuvent pas être désactivés de nos systèmes. Nous ne les utilisons pas à des fins publicitaires. Si ces cookies sont bloqués, certaines parties du site ne pourront pas fonctionner.

Session

Veuillez vous connecter pour voir vos activités!

Autres cookies

Ce site web utilise un certain nombre de cookies pour gérer, par exemple, les sessions utilisateurs.

Login Form