Possible Kolab LDAP configuration information disclosure
Luca Villani
luca.villani at wseurope.com
Tue Apr 20 16:03:29 CEST 2004
At 14:30 on Tuesday 20 April 2004, Martin Konold wrote:
> > /var/origkolab/etc/openldap/slapd.conf
>
> What are the access permissions on this file?
The result of a standard QIM installation: 644.
But IMHO storing a password in clear text is a vulnerability tout court, even
if permissions are 400.
> > rootpw "averystrongpassword"
> >
> > Re-enter new password:
> > {SSHA}T++o7gQdMj1b1u4pjlJ57Ei0qbAbGje2
>
> What do you gain? The above encoded pw can also be used to replay...
The above encoded pw is an SSHA encryption of the string
averystrongpassword
;-)
--
Luca Villani Wireless Solutions spa - DADA group
NOC manager Europe HQ, via Castiglione 25 Bologna
http://www.wseurope.com Tel: +39 051 2966826 Fax: +39 051 2966800
GPG public key available Mobile: +39 348 5298542 UIN: 76272621
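
The two ways of storing rootpw discussed in this thread, as an added example that is not part of the original post: a Python sketch that builds and verifies an OpenLDAP-style {SSHA} value (base64 of SHA-1(password + salt) followed by the salt) and flags a cleartext rootpw or a group/world-readable slapd.conf. The rootdn in the sample and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re
import stat

def ssha_hash(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_split(value):
    """Return (digest, salt); a SHA-1 digest is always the first 20 bytes."""
    raw = base64.b64decode(value[len("{SSHA}"):], validate=True)
    return raw[:20], raw[20:]

def ssha_verify(password, value):
    """Recompute the digest with the stored salt and compare in constant time."""
    digest, salt = ssha_split(value)
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

# Matches a rootpw directive, with or without surrounding quotes.
ROOTPW = re.compile(r'^\s*rootpw\s+"?([^"\s]+)"?', re.M)

def audit_slapd_conf(text, mode):
    """List findings for a slapd.conf body and its file mode bits."""
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file readable by group/other (mode %o)" % (mode & 0o777))
    for match in ROOTPW.finditer(text):
        # A hashed value starts with a scheme tag such as {SSHA} or {CRYPT}.
        if not re.match(r"\{[A-Za-z0-9-]+\}", match.group(1)):
            findings.append("rootpw stored in cleartext")
    return findings

# Constructed sample: the rootdn is a placeholder, the rootpw is the thread's example.
SAMPLE = 'rootdn "cn=manager,dc=example,dc=com"\nrootpw "averystrongpassword"\n'

if __name__ == "__main__":
    print(audit_slapd_conf(SAMPLE, 0o644))
    hashed = ssha_hash("averystrongpassword")
    print(hashed, ssha_verify("averystrongpassword", hashed))
```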