View Issue Details

ID: 0004137
Project: SOGo
Category: Backend General
View Status: public
Last Update: 2018-04-27 08:56
Reporter: skrupellos
Assigned To: ludovic
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 3.2.8
Fixed in Version: 3.2.9
Summary: 0004137: Lockout after password change using sha256-crypt/sha512-crypt (at least with OpenLDAP backend)
Description

A user can lock themselves out by changing their password.

Steps To Reproduce

1) Use an OpenLDAP authentication backend.

2) Configure:
userPasswordAlgorithm = "sha512-crypt";
SOGoPasswordChangeEnabled = "YES";

3) Login

4) Change password

5) Logout

... now you can't login again.

Additional Information

This is caused because the LDAP attribute "userPassword" is set to "{sha512-crypt}$6$...". The correct value would be "{crypt}$6$...", at least for OpenLDAP.

See https://github.com/Skrupellos/sogo-patches/blob/v3.2.8/05-fix_crypt.patch for a minimal fix. Maybe other authentication sources also need this kind of fix.

Tags: No tags attached.
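An added example, not SOGo's code and not the linked patch: a Python audit that finds `userPassword` values stored with the algorithm name as the scheme label, as the report describes, and proposes the `{crypt}` form for the three algorithms named in the changeset summary. The function names, sample DNs and hash bodies are constructed; `$1$`, `$5$` and `$6$` are the standard crypt(3) identifiers for md5, sha256 and sha512.

```python
import re

# Algorithm names from this issue mapped to the crypt(3) identifier each
# produces. Per the report, all three belong under the {crypt} label.
CRYPT_FAMILY = {"md5-crypt": "$1$", "sha256-crypt": "$5$", "sha512-crypt": "$6$"}
_VALUE = re.compile(r"^\{([^{}]+)\}(.*)$", re.DOTALL)


def audit_user_password(value):
    """Return (status, suggestion) for one userPassword value.

    status is "unaffected", "mislabelled" (relabel to the suggestion) or
    "mismatch" (label and crypt(3) identifier disagree; review by hand).
    """
    m = _VALUE.match(value)
    if not m:
        return ("unaffected", value)
    # Assumption: labels are compared case-insensitively for this audit.
    scheme, digest = m.group(1).lower(), m.group(2)
    if scheme not in CRYPT_FAMILY:
        return ("unaffected", value)
    if digest.startswith(CRYPT_FAMILY[scheme]):
        return ("mislabelled", "{crypt}" + digest)
    return ("mismatch", None)


def audit_directory(entries):
    """Return ({dn: corrected value}, [dns needing manual review])."""
    fixes, review = {}, []
    for dn, value in entries.items():
        status, suggestion = audit_user_password(value)
        if status == "mislabelled":
            fixes[dn] = suggestion
        elif status == "mismatch":
            review.append(dn)
    return fixes, review


# Constructed sample entries; hash bodies are placeholders, not real hashes.
SAMPLE = {
    "uid=alice,dc=example,dc=org": "{sha512-crypt}$6$saltsalt$PLACEHOLDER",
    "uid=bob,dc=example,dc=org": "{crypt}$6$saltsalt$PLACEHOLDER",
    "uid=carol,dc=example,dc=org": "{MD5-CRYPT}$1$saltsalt$PLACEHOLDER",
    "uid=dave,dc=example,dc=org": "{sha256-crypt}$6$saltsalt$PLACEHOLDER",
}

if __name__ == "__main__":
    print(audit_directory(SAMPLE))
```

The audit only reports; writing the corrected values back to the directory is left to the administrator's usual LDAP tooling.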

Activities

ludovic

2017-05-08 10:42

administrator   ~0011793

I think we should also check for md5-crypt.

Related Changesets

sogo: master 63cb8014

2017-05-08 10:44:12

ludovic

(fix) make sure to use crypt as the scheme for md5/sha256/sha512 (fixes 0004137)
Affected Issues: 0004137
mod - SoObjects/SOGo/LDAPSource.m
mod - SoObjects/SOGo/SQLSource.m

sogo: v2 c3121c50

2017-05-08 10:44:12

ludovic

(fix) make sure to use crypt as the scheme for md5/sha256/sha512 (fixes 0004137)
Affected Issues: 0004137
mod - SoObjects/SOGo/LDAPSource.m
mod - SoObjects/SOGo/SQLSource.m

sogo: master b0e59f9a

2018-04-27 08:55:13

ludovic

Revert "(fix) make sure to use crypt as the scheme for md5/sha256/sha512 (fixes 0004137)"

This reverts commit 63cb80142b1dcdb581ace018a5c715ed42a73eab.
Affected Issues: 0004137
mod - SoObjects/SOGo/LDAPSource.m
mod - SoObjects/SOGo/SQLSource.m

Issue History

Date Modified | Username | Field | Change
2017-04-09 11:40 | skrupellos | New Issue |
2017-05-08 10:42 | ludovic | Note Added: 0011793 |
2017-05-08 10:44 | ludovic | Changeset attached | => sogo master 63cb8014
2017-05-08 10:44 | ludovic | Assigned To | => ludovic
2017-05-08 10:44 | ludovic | Resolution | open => fixed
2017-05-08 10:45 | ludovic | Changeset attached | => sogo v2 c3121c50
2017-05-08 10:47 | ludovic | Status | new => resolved
2017-05-08 10:47 | ludovic | Fixed in Version | => 3.2.9
2018-04-27 08:56 | ludovic | Changeset attached | => sogo master b0e59f9a