[oss-security] Multiple issues in lemonldap-ng
Looking at lemonldap-ng I noticed that it uses low-level crypto
primitives, not without some issues.
* it uses AES in CBC mode directly without setting an IV to encrypt
data that is stored client-side
* that same data is not signed, only encrypted
Despite my strong recommendation to use a library that abstracts some
of the fine details, like NaCl, libsodium, etc., upstream has responded
to the issue by issuing version 2.0.5 with the following changes:
* an IV is set but it might be generated with rand() and time() in
case of urandom being unavailable or in case the code asks for a "low"
* using sha256 as a checksum (literally just sha256 of the data, not
HMAC-SHA256 despite the code using the name hmac in some places), as
in: message = ENCRYPT(SHA256(data) || data, key, iv). Upstream calling
this MtE and using this approach instead of my recommendation of using
Some "minor" issues were also fixed, like the use of a prng instead of a csprng.
Tracked with issue #1823, the main issue is still open to possibly
use an abstraction library in a future version.
I've neglected making a public report of this but I hope that it is
going to help things move forward.
Raphael Geissert - Debian Developer