SOGo | BTS

View Issue Details Jump to Notes ] Related Changesets ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0004137SOGoBackend Generalpublic2017-04-09 11:402018-04-27 08:56
Reporterskrupellos 
Assigned Toludovic 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version3.2.8 
Target VersionFixed in Version3.2.9 
Summary0004137: Lockout after password change using sha256-crypt/sha512-crypt (at least with OpenLDAP backend)
DescriptionA user can lock it self out by changing their password.
Steps To Reproduce1) Use an OpenLDAP authentication backend.

2) Configure:
userPasswordAlgorithm = "sha512-crypt";
SOGoPasswordChangeEnabled = "YES";

3) Login

4) Change password

5) Logout

... now you can't login again.
Additional Informationthis is caused, because the LDAP attribute "userPassword" is set to "{sha512-crypt}$6$...". Correct would be "{crypt}$6$...", at least for OpenLDAP.

See https://github.com/Skrupellos/sogo-patches/blob/v3.2.8/05-fix_crypt.patch [^] for minimal fix. Maybe other authentication sources also need this kind of fix.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
User avatar (0011793)
ludovic (administrator)
2017-05-08 10:42

I think we should also check for md5-crypt.

- Related Changesets
sogo: master 63cb8014
Timestamp: 2017-05-08 10:44:12
Author: ludovic
Details ] Diff ]
(fix) make sure to use crypt as the scheme for md5/sha256/sha512 (fixes 0004137)
mod - SoObjects/SOGo/LDAPSource.m Diff ] File ]
mod - SoObjects/SOGo/SQLSource.m Diff ] File ]
sogo: v2 c3121c50
Timestamp: 2017-05-08 10:44:12
Author: ludovic
Details ] Diff ]
(fix) make sure to use crypt as the scheme for md5/sha256/sha512 (fixes 0004137)
mod - SoObjects/SOGo/LDAPSource.m Diff ] File ]
mod - SoObjects/SOGo/SQLSource.m Diff ] File ]
sogo: master b0e59f9a
Timestamp: 2018-04-27 08:55:13
Author: ludovic
Details ] Diff ]
Revert "(fix) make sure to use crypt as the scheme for md5/sha256/sha512 (fixes 0004137)"

This reverts commit 63cb80142b1dcdb581ace018a5c715ed42a73eab.
mod - SoObjects/SOGo/LDAPSource.m Diff ] File ]
mod - SoObjects/SOGo/SQLSource.m Diff ] File ]

- Issue History
Date Modified Username Field Change
2017-04-09 11:40 skrupellos New Issue
2017-05-08 10:42 ludovic Note Added: 0011793
2017-05-08 10:44 ludovic Changeset attached => sogo master 63cb8014
2017-05-08 10:44 ludovic Assigned To => ludovic
2017-05-08 10:44 ludovic Resolution open => fixed
2017-05-08 10:45 ludovic Changeset attached => sogo v2 c3121c50
2017-05-08 10:47 ludovic Status new => resolved
2017-05-08 10:47 ludovic Fixed in Version => 3.2.9
2018-04-27 08:56 ludovic Changeset attached => sogo master b0e59f9a


Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker