Bug #1894

Samba password hash disclosure

Added by Davide Principi over 6 years ago. Updated over 6 years ago.

Status: CLOSED
Start date: 04/29/2013
Priority: High
Due date: 04/29/2013
Assignee: -
% Done: 100%
Category: nethserver-directory
Target version: v6.4-beta1
Security class:
Resolution:
Affected version: v6.4-alpha2
NEEDINFO:

Description

The sambaNTPassword LDAP attribute is still readable by authenticated users
who connect through the LDAP rewrite overlay.

Reproducibility: always

   $ LDAPTLS_REQCERT=never ldapsearch -Z -x -H ldap://nethserver -D \
         uid=myaccount,ou=People,dc=domain,dc=tld  -b dc=domain,dc=tld -W

ACLs must also be set on the overlay.
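
A regression check for this report, as an added example that is not part of the original issue or of NethServer's code: it scans the LDIF output of the `ldapsearch` command above and lists the entries where a Samba hash attribute is still visible to the bound account, without echoing the values. Checking `sambaLMPassword` as well, and the names `leaked_hash_attrs` and `SAMPLE_LDIF`, are assumptions of this example.

```python
import base64
import sys

# sambaNTPassword is the attribute named in this report; sambaLMPassword is
# added as an assumption (the companion hash attribute in the Samba schema).
SENSITIVE = {"sambantpassword", "sambalmpassword"}

def unfold(ldif_text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def _value(rest):
    """Decode the text after the first ':'; a second ':' marks base64."""
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return rest.strip()

def leaked_hash_attrs(ldif_text):
    """Return sorted (dn, attribute) pairs; hash values are never returned."""
    findings, dn = set(), None
    for line in unfold(ldif_text):
        if not line.strip():
            dn = None                      # a blank line ends the entry
            continue
        if line.startswith("#") or ":" not in line:
            continue
        name, _, rest = line.partition(":")
        attr = name.split(";")[0].strip()  # drop options such as ";binary"
        if attr.lower() == "dn":
            dn = _value(rest)
        elif attr.lower() in SENSITIVE and dn is not None:
            findings.add((dn, attr))
    return sorted(findings)

# Constructed sample (placeholder value, not a real hash or real server output).
SAMPLE_LDIF = ("dn: uid=other,ou=People,\n dc=domain,dc=tld\n"
               "sambaNTPassword: 00000000000000000000000000000000\n\n"
               "dn: ou=People,dc=domain,dc=tld\nou: People\n")

if __name__ == "__main__":  # usage: ldapsearch ... | python3 this_file.py
    found = leaked_hash_attrs(sys.stdin.read())
    print("\n".join(f"EXPOSED {a} on {d}" for d, a in found))
    sys.exit(1 if found else 0)
```

Run it against both the direct backend and the rewrite overlay endpoint, bound as an ordinary account; a non-zero exit status means a hash attribute is still exposed on that path.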


Related issues

Related to NethServer 6 - Enhancement #1650: Protect samba password ldap field CLOSED 02/11/2013 02/11/2013

Associated revisions

Revision 45cada7b
Added by Davide Principi over 6 years ago

NethServer/Directory (enforceAccessDirective): apply configuration on both bdb and rwm slapd overlay. Refs #1894

History

#1 Updated by Davide Principi over 6 years ago

  • Due date set to 04/29/2013
  • Status changed from NEW to ON_DEV
  • Assignee set to Davide Principi
  • Start date set to 04/29/2013
  • % Done changed from 0 to 30

#2 Updated by Davide Principi over 6 years ago

  • Status changed from ON_DEV to ON_QA
  • % Done changed from 30 to 80

#3 Updated by Davide Principi over 6 years ago

  • Status changed from ON_QA to MODIFIED
  • % Done changed from 80 to 100

In nethserver-samba-1.1.0-32.0git737306ee.ns6.noarch

#4 Updated by Davide Principi over 6 years ago

  • Status changed from MODIFIED to CLOSED
