Kolab server version 1.x suffers from an information disclosure vulnerability where it stores the OpenLDAP root password in clear text in slapd.conf.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> Possible Kolab LDAP configuration information disclosure
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:kolab-users%40kolab.org?Subject=Possible%20Kolab%20LDAP%20configuration%20information%20disclosure&In-Reply-To=">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000247.html">
<LINK REL="Next" HREF="000218.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>Possible Kolab LDAP configuration information disclosure</H1>
<B>Luca Villani</B>
<A HREF="mailto:kolab-users%40kolab.org?Subject=Possible%20Kolab%20LDAP%20configuration%20information%20disclosure&In-Reply-To="
TITLE="Possible Kolab LDAP configuration information disclosure">luca.villani at wseurope.com
</A><BR>
<I>Tue Apr 20 14:06:08 CEST 2004</I>
<P><UL>
<LI>Previous message: <A HREF="000247.html">&lt;no subject&gt;
</A></li>
<LI>Next message: <A HREF="000218.html">Possible Kolab LDAP configuration information disclosure
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#215">[ date ]</a>
<a href="thread.html#215">[ thread ]</a>
<a href="subject.html#215">[ subject ]</a>
<a href="author.html#215">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Hi.
I think there is an information disclosure in slapd configuration file:
/var/origkolab/etc/openldap/slapd.conf
Here the rootdn password is stored in cleartext, like this:
rootpw "averystrongpassword"
A possible workaround is to invoke
/kolab/sbin/slappasswd
in order to manually generate an encrypted password, like this:
[root@democrito kolab]# ./sbin/slappasswd
New password:
Re-enter new password:
{SSHA}T++o7gQdMj1b1u4pjlJ57Ei0qbAbGje2
[root@democrito kolab]#
The clear text rootdn password in configuration file can be substituted with
the manually generated encrypted password, in this manner:
rootpw {SSHA}T++o7gQdMj1b1u4pjlJ57Ei0qbAbGje2
I have not tested this workaround; AFAYK, are there any problems?
--
Luca Villani Wireless Solutions spa - DADA group
NOC manager Europe HQ, via Castiglione 25 Bologna
<A HREF="http://www.wseurope.com">http://www.wseurope.com</A> Tel: +39 051 2966826 Fax: +39 051 2966800
GPG public key available Mobile: +39 348 5298542 UIN: 76272621
</PRE>
<!--endarticle-->
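<P>Added example, not part of the original post and not Kolab or OpenLDAP code: a Python sketch that flags <CODE>rootpw</CODE> directives holding a cleartext value and builds or verifies the salted SHA-1 <CODE>{SSHA}</CODE> form that slappasswd prints in the message above. The sample configuration, the 4-byte salt and the list of scheme prefixes are assumptions made for the illustration.</P>
<PRE>
```python
import base64
import hashlib
import hmac
import os
import shlex

# Assumption: scheme prefixes treated as "already hashed" by this check.
HASH_SCHEMES = ("{SSHA}", "{SHA}", "{SMD5}", "{MD5}", "{CRYPT}")

# Constructed sample input, not a real Kolab slapd.conf.
SAMPLE_CONF = '''\
# constructed sample
rootdn "cn=manager,dc=example,dc=com"
rootpw "averystrongpassword"
'''


def ssha_hash(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, value):
    """Check a password against an {SSHA} value (SHA-1 digest is 20 bytes)."""
    if not value.upper().startswith("{SSHA}"):
        return False
    raw = base64.b64decode(value[6:])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def audit_rootpw(conf_text):
    """Return (line_number, status) for every rootpw directive found."""
    findings = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        tokens = shlex.split(line, comments=True)  # drops comments, strips quotes
        if len(tokens) == 2 and tokens[0].lower() == "rootpw":
            hashed = tokens[1].upper().startswith(HASH_SCHEMES)
            findings.append((number, "hashed" if hashed else "cleartext"))
    return findings


if __name__ == "__main__":
    for number, status in audit_rootpw(SAMPLE_CONF):
        print("line %d: rootpw is %s" % (number, status))
    print("replacement: rootpw " + ssha_hash("averystrongpassword"))
```
</PRE>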
<HR>
<hr>
<a href="https://kolab.org/mailman/listinfo/kolab-users">More information about the Kolab-users
mailing list</a><br>
</body></html>