Bug #1142: security problem in EC2 - OpenNebula - OpenNebula Development pages

Bug #1142

security problem in EC2

Added by Rolandas Naujikas over 9 years ago. Updated over 9 years ago.

Status:

Closed

Start date:

02/25/2012

Priority:

High

Due date:

Assignee:

Daniel Molina

% Done:

100%

Category:

Target version:

Release 3.4 - Beta

Resolution:

fixed

Pull request:

Affected Versions:

OpenNebula 3.4

Description

I just was able to authenticate through EC2 (using ec2 auth method in econe.conf) with the user from LDAP (with driver ldap) with its LDAP DN as a password. I'm almost sure it will work also with the user with x509 driver and its certificate subject as a password.

Rolandas Naujikas

P.S. Related code in EC2CloudAuth.rb is "one_pass = get_password(username)".
P.S. Workaround is to don't mix users in one setup with different drivers (only core driver users should be used if auth=ec2 is used). Another solution is to use auth=x509 if there are users with different drivers (ldap/x509/ssh).
P.S. OCCICloudAuth.rb looks similar to EC2, but I didn't succeed to authenticate.
P.S. SunstoneCloudAuth.rb looks OK (because of SHA1 digest used).

Associated revisions

Revision cbc622f8
Added by Daniel Molina over 9 years ago

bug #1142: Check user driver in CloudAuth

Revision 1efef611
Added by Daniel Molina over 9 years ago

bug #1142: Check public driver

History

#1 Updated by Rolandas Naujikas over 9 years ago

I was able to authenticate with x509 user certificate subject also through EC2.

#2 Updated by Rolandas Naujikas over 9 years ago

OCCICloudAuth.rb is also vulnerable because SHA1 hash is made in client side, so modified client could authenticate also with user public information.