List: oss-security
Subject: [oss-security] Multiple issues in lemonldap-ng
From: Raphael Geissert <geissert () debian ! org>
Date: 2019-11-28 19:46:55
Message-ID: CAA7hUgF2iQ+danfsTDqjY2weCXGay71363bbgBWbb_6kyiBNgg () mail ! gmail ! com
Hi,
Looking at lemonldap-ng I noticed that it uses low-level crypto
primitives, not without some issues.
Notably:
* it uses AES in CBC mode directly without setting an IV to encrypt
data that is stored client-side
* that same data is not signed, only encrypted
Despite my strong recommendation to use a library that abstracts some
of the fine details, like NaCl, libsodium, etc, upstream has responded
to the issue by issuing version 2.0.5 with the following changes[1]:
* an IV is set but it might be generated with rand() and time() in
case of urandom being unavailable or in case the code asks for a "low"
mode
* using sha256 as a checksum (literally just sha256 of the data, not
HMAC-SHA256, despite the code using the name hmac in some places), as
in: message = ENCRYPT(SHA256(data) || data, key, iv). Upstream calls
this MtE and uses this approach instead of my recommendation of
EtM.
Some "minor" issues were also fixed, like the use of a PRNG instead of a CSPRNG.
Tracked with issue #1823 [2], the main issue is still open to possibly
use an abstraction library in a future version.
I've neglected making a public report of this but I hope that it is
going to help things move forward.
[1] https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/merge_requests/81/diffs
[2] https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1823
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org
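As an added example (not code from the post above and not lemonldap-ng's own code), the encrypt-then-MAC construction the post recommends, written in Go against the standard library: the IV is drawn from crypto/rand with no fallback to a weaker source, the data is encrypted with AES-CBC, and an HMAC-SHA256 tag over IV and ciphertext is verified in constant time before anything is decrypted or unpadded. The function names, the token layout iv || ciphertext || tag, the fixed demo keys and the sample session string are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrAuth is returned for any token whose tag does not verify. The caller
// learns nothing about why (altered body, truncation, padding), which is
// the point of checking the tag before touching the ciphertext.
var ErrAuth = errors.New("token failed authentication")

// pkcs7Pad appends 1..blockSize bytes so the length is a block multiple.
func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad strips pkcs7Pad's padding. It only ever runs on data that has
// already passed the MAC check, so a bad pad here signals a bug, not an
// untrusted input.
func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("bad padded length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize || n > len(b) {
		return nil, errors.New("bad padding byte")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// Seal returns iv || ciphertext || tag (assumed layout). The tag is
// HMAC-SHA256 over iv and ciphertext, so a client-side token cannot be
// altered without macKey; a keyless SHA256 inside the plaintext cannot
// give that property.
func Seal(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err // refuse to encrypt rather than fall back to rand()/time()
	}
	padded := pkcs7Pad(append([]byte(nil), plaintext...), aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)

	body := append(iv, ct...)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	return mac.Sum(body), nil // appends the 32-byte tag to body
}

// Open checks the tag in constant time first; only an authentic token is
// decrypted, so padding or length problems never become an oracle.
func Open(encKey, macKey, token []byte) ([]byte, error) {
	tagLen := sha256.Size
	if len(token) < 2*aes.BlockSize+tagLen { // iv + one block + tag
		return nil, ErrAuth
	}
	body, tag := token[:len(token)-tagLen], token[len(token)-tagLen:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, ErrAuth
	}
	iv, ct := body[:aes.BlockSize], body[aes.BlockSize:]
	if len(ct)%aes.BlockSize != 0 {
		return nil, ErrAuth
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

func main() {
	// Constructed demo keys; real keys are derived from a server-side secret.
	encKey := bytes.Repeat([]byte{0x11}, 32)
	macKey := bytes.Repeat([]byte{0x22}, 32)
	tok, err := Seal(encKey, macKey, []byte("constructed session data: uid=alice;role=user"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("token: %d bytes\n", len(tok))
	tok[aes.BlockSize] ^= 0x01 // integrity check: one changed ciphertext bit
	_, err = Open(encKey, macKey, tok)
	fmt.Println("altered token:", err)
}
```

Two design points follow directly from the post: the encryption and MAC keys are separate values, and Open returns the same ErrAuth for every unauthenticated token, whether the body was altered, the tag was altered, or the token was truncated, before the CBC layer or the padding is ever consulted. Compared with ENCRYPT(SHA256(data) || data, key, iv), the tag depends on a key the client does not hold, which is what turns a checksum into an integrity check.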