Security vulnerability + preferred disclosure channel #5597
Comments
|
@obi1kenobi Thanks for contacting us about this. Could you please write to support -at- orientdb.com? |
|
Reached out to the email address you specified. Thank you for the prompt reply! Would it make sense for you to update the docs or main site with this info on how to handle security disclosures, so they go smoother in the future? |
|
Good idea, I'm going to create a chapter for it. |
|
What is the status on this? It would be very helpful to have some info
|
|
@micha-nerdlichter I think this is probably the solution. Scott |
|
Now that the issues have been fixed in the Random passwords generated with weak entropy
Consider line 681 in OServer.java that is responsible for auto-generating passwords. Note that it uses the variable Fixed by switching to the Random passwords generated with insufficient entropy
Once again, consider line 681 in OServer.java that is responsible for auto-generating passwords. The password is generated from 64 bits of randomness from a RNG. 64 bits is not enough entropy to deter a sophisticated and determined attacker -- for example, the peak hashing rate of Bitcoin last month (December 2015) was over Fixed by increasing the amount of entropy to 256 bits. Password hashing with outdated algorithm
Currently, OrientDB hashes passwords with SHA-256, which is not secure. Based on issue #1229 it seemed like in version 2.2 the default was going to be PBKDF2-HMAC-SHA1 instead. However, SHA-1 is a broken hashing algorithm and should not be used any more. Fixed by implementing PBKDF2-HMAC-SHA256 password hashing and making it the default algorithm. Comparison of plaintext passwords vulnerable to timing attack
When connecting to the server via the binary protocol, ONetworkProtocolBinary.connect() passes the received username and password to OServer.serverLogin(), which in turn calls OServer.authenticate() with the plaintext password. Line 540 in that function uses a regular string comparison to check the user's password against the provided one, which means that it will short-circuit and return Fixed in Comparison of digests vulnerable to timing attack
Similarly to the above, line 93 in OSecurityManager.check() does a string comparison of digests, which also short-circuits and is vulnerable to timing. That No fix made in |
|
Also, I want to thank @lvca and the other members of the OrientDB team for promptly reacting to these issues and fixing them so quickly. I've reported lots of issues in the past, and I have to say that this time around the process went as smoothly as it's ever gone. |
|
Thank you @smolinari for the hint and thank you @obi1kenobi for all the fixes and the details. @lvca it would be very helpful to have a |
|
@micha-nerdlichter good idea, done. |
|
The timing attack vulnerabilities were not fixed in 2.1.10, which is extremely concerning given that the plaintext password timing attack is trivially exploitable even over a network. Read this paper on a similar timing attack executed over a wide-area network if you don't believe me: Please strongly consider backporting the fixes from |
|
@obi1kenobi Please could you open a PR against 2.1.x? #5611 (comment). We'll merge it at record time. |
|
hi guys, notice before port everything to 2.1 that 'PBKDF2WithHmacSHA256' is not present in java7 by default, we need to be compatible with that. |
|
@tglman you're right. |
I discovered a serious security vulnerability in the database, and in the spirit of responsible disclosure, I was hoping to discuss it privately with the maintainers of this project. However, I was not able to find a contact email address of any kind for OrientDB or its parent company. I would appreciate it if one of the maintainers could reply to this issue and direct me to the preferred channel for disclosing security vulnerabilities.
The text was updated successfully, but these errors were encountered: