Possible Kolab LDAP configuration information disclosure
Martin Konold
martin.konold at erfrakon.de
Tue Apr 20 14:30:03 CEST 2004
On Tuesday 20 April 2004 02:06 pm, Luca Villani wrote:
Hi Luca,
> I think there is an information disclosure in slapd configuration file:
>
> /var/origkolab/etc/openldap/slapd.conf
What are the access permissions on this file?
>
> Here the rootdn password is stored in cleartext, like this:
>
> rootpw "averystrongpassword"
> Re-enter new password:
> {SSHA}T++o7gQdMj1b1u4pjlJ57Ei0qbAbGje2
What do you gain? The above encoded pw can also be used to replay...
Yours,
-- martin
Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold at erfrakon.de
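
The two questions raised in this thread (who can read slapd.conf, and in what form rootpw is stored in it) can be checked mechanically. The following is an added example, not part of the original message and not Kolab or OpenLDAP code; the function names, the sample rootdn and the choice to flag only access by "other" are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# "rootpw <value>" directive, value optionally wrapped in double quotes.
ROOTPW_RE = re.compile(r'^\s*rootpw\s+"?(.+?)"?\s*$', re.IGNORECASE)
# Stored values carry a {SCHEME} prefix, e.g. {SSHA}; none means cleartext.
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")

# Constructed sample input (the rootdn is made up for this example).
SAMPLE_CONF = '''\
# constructed sample
rootdn "cn=manager,dc=example,dc=com"
rootpw "averystrongpassword"
'''

def rootpw_scheme(value):
    """Return the scheme name of a rootpw value, 'CLEARTEXT' if unprefixed."""
    m = SCHEME_RE.match(value)
    return m.group(1).upper() if m else "CLEARTEXT"

def audit_slapd_conf(path):
    """Report the file mode and the storage scheme of each rootpw line."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    report = {
        "mode": f"{mode:04o}",
        "world_readable": bool(mode & stat.S_IROTH),
        "rootpw": [],  # list of (line number, scheme)
    }
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            m = ROOTPW_RE.match(line)  # comment lines start with '#', no match
            if m:
                report["rootpw"].append((lineno, rootpw_scheme(m.group(1))))
    return report

def audit_sample(conf_text, mode):
    """Write constructed config text to a temp file with `mode`, then audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "slapd.conf")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(conf_text)
        os.chmod(path, mode)
        return audit_slapd_conf(path)

if __name__ == "__main__":
    print(audit_sample(SAMPLE_CONF, 0o644))
    print(audit_sample(SAMPLE_CONF.replace('"averystrongpassword"', "{SSHA}T++o7gQdMj1b1u4pjlJ57Ei0qbAbGje2"), 0o600))
```

On a real host, call `audit_slapd_conf()` with the path to the installed slapd.conf; group access is not flagged here because the account slapd runs as often reads the file through its group.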