oss-sec mailing list archives
Multiple issues in lemonldap-ng
From: Raphael Geissert <geissert () debian org>
Date: Thu, 28 Nov 2019 20:46:55 +0100
Hi,

Looking at lemonldap-ng I noticed that it uses low-level crypto primitives, not without some issues. Notably:

* it uses AES in CBC mode directly without setting an IV to encrypt data that is stored client-side
* that same data is not signed, only encrypted

Despite my strong recommendation to use a library that abstracts some of the fine details, like NaCl, libsodium, etc., upstream has responded to the issue by issuing version 2.0.5 with the following changes [1]:

* an IV is set, but it might be generated with rand() and time() in case urandom is unavailable or in case the code asks for a "low" mode
* using sha256 as a checksum (literally just sha256 of the data, not HMAC-SHA256, despite the code using the name hmac in some places), as in: message = ENCRYPT(SHA256(data) || data, key, iv). Upstream calls this MtE and uses this approach instead of my recommendation of using EtM

Some "minor" issues were also fixed, like the use of a PRNG instead of a CSPRNG.

Tracked with issue #1823 [2], the main issue is still open to possibly use an abstraction library in a future version.

I've neglected making a public report of this but I hope that it is going to help things move forward.

[1] https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/merge_requests/81/diffs
[2] https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1823

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org
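For readers following the MtE vs. EtM point above, here is an added example (not LemonLDAP::NG code, and in Go rather than the project's Perl) of the Encrypt-then-MAC construction the post recommends for client-side stored data: a random IV from the OS CSPRNG with no fallback to rand()/time(), AES-CBC encryption, and an HMAC-SHA256 tag over IV || ciphertext that is checked in constant time before any decryption or padding handling. The key lengths, the `Seal`/`Open` names and the sample plaintext are assumptions of this example, not anything from the project.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Assumed key sizes for this example: independent keys for encryption and MAC.
const (
	encKeyLen = 32 // AES-256
	macKeyLen = 32 // HMAC-SHA256 key
)

// A single opaque error keeps MAC, length and padding failures indistinguishable to a caller.
var errInvalidToken = errors.New("token invalid: bad length, MAC, or padding")

// pkcs7Pad pads data up to a whole number of blocks (always adds at least one byte).
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(data, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad strips PKCS#7 padding, rejecting malformed input.
func pkcs7Unpad(data []byte, blockSize int) ([]byte, error) {
	if len(data) == 0 || len(data)%blockSize != 0 {
		return nil, errInvalidToken
	}
	n := int(data[len(data)-1])
	if n == 0 || n > blockSize || n > len(data) {
		return nil, errInvalidToken
	}
	for _, b := range data[len(data)-n:] {
		if int(b) != n {
			return nil, errInvalidToken
		}
	}
	return data[:len(data)-n], nil
}

// Seal returns IV || AES-CBC(plaintext) || HMAC-SHA256(macKey, IV || ciphertext).
// Encrypt-then-MAC: the tag covers the IV too, so neither can be altered unnoticed.
func Seal(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	// Fresh IV from the OS CSPRNG; fail closed rather than fall back to a weak source.
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	out := append(iv, ct...)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(out)
	return mac.Sum(out), nil // appends the 32-byte tag
}

// Open verifies the tag in constant time first and only then decrypts and unpads.
func Open(encKey, macKey, token []byte) ([]byte, error) {
	if len(token) < aes.BlockSize+sha256.Size {
		return nil, errInvalidToken
	}
	body, tag := token[:len(token)-sha256.Size], token[len(token)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errInvalidToken
	}
	iv, ct := body[:aes.BlockSize], body[aes.BlockSize:]
	if len(ct)%aes.BlockSize != 0 {
		return nil, errInvalidToken
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

func main() {
	encKey := make([]byte, encKeyLen)
	macKey := make([]byte, macKeyLen)
	io.ReadFull(rand.Reader, encKey)
	io.ReadFull(rand.Reader, macKey)
	tok, _ := Seal(encKey, macKey, []byte("session=abc; role=user")) // constructed sample
	fmt.Printf("token: %x\n", tok)
	tok[aes.BlockSize] ^= 1 // flip one ciphertext bit
	_, err := Open(encKey, macKey, tok)
	fmt.Println("tampered token rejected:", err != nil)
}
```

Contrast with the MtE layout described in the post: because the SHA-256 there is unkeyed and sits inside the encryption, anyone who can influence the ciphertext gets the decryption and padding path to run before any integrity decision is made; here the keyed tag is checked on the raw bytes first, so a modified IV, ciphertext or tag is rejected with one uniform error before the cipher is ever invoked.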
Current thread:
- Multiple issues in lemonldap-ng Raphael Geissert (Nov 28)