>>>>> "Salvatore" == Salvatore Bonaccorso <[email protected]> writes:

    Salvatore> pam_userdb module's plaintext-password comparison path
    Salvatore> in modules/pam_userdb/pam_userdb.c that allows a local or
    Salvatore> network-adjacent attacker able to repeatedly drive
    Salvatore> authentication through a calling service to recover the
    Salvatore> plaintext password of a target account by measuring
    Salvatore> response-timing differences. The comparison uses
    Salvatore> strncmp() (or strncasecmp() when PAM_ICASE_ARG is set)
    Salvatore> preceded by a length-equality check, so the time to
    Salvatore> reject a candidate depends on the index of the first
    Salvatore> differing byte and on whether the candidate's length
    Salvatore> matches the stored password, leaking the password
    Salvatore> length and individual prefix bytes. The vulnerable path
    Salvatore> is reached when the administrator configures pam_userdb
    Salvatore> with crypt=none, with an unrecognized crypt method, or
    Salvatore> without a crypt= argument, causing the module to store
    Salvatore> and compare credentials in plaintext.

I'll fix, but it's important to note that pam_userdb is not configured
by default on Debian systems, and that best practice when configuring
something like this is to configure a crypt method.

Which is to say that I agree it is a vulnerability in a particular rare
configuration.
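Added illustration of the comparison pattern the report describes and of a constant-time replacement for it. This is example code written for this thread, not pam_userdb's own implementation or its fix; `compare_leaky` is a hypothetical reconstruction of the length-check-then-strncmp() shape, and `PW_MAX`, `compare_leaky` and `compare_ct` are assumed names.

```c
#include <stddef.h>
#include <string.h>

/* Assumed upper bound on password length for the fixed-size buffers. */
#define PW_MAX 256

/* Hypothetical reconstruction of the pattern in the report: an early
 * length-equality check followed by strncmp(). Returns 1 on match,
 * 0 otherwise. Rejection time depends on whether the candidate's length
 * matches and on the index of the first differing byte, which is the
 * side channel the report describes. */
int compare_leaky(const char *stored, const char *candidate)
{
    size_t n = strlen(stored);
    if (strlen(candidate) != n)
        return 0;
    return strncmp(stored, candidate, n) == 0;
}

/* Constant-time comparison over fixed-size, zero-padded buffers.
 * Both strings are copied into PW_MAX-byte buffers and every byte of
 * the full buffer is always examined; differences are OR-folded into an
 * accumulator with no early exit. A length mismatch is caught by the
 * padding (the shorter string has a zero byte where the longer one has
 * a non-zero byte), so no separate length branch is needed. Returns 1
 * on match, 0 otherwise. */
int compare_ct(const char *stored, const char *candidate)
{
    unsigned char a[PW_MAX] = {0};
    unsigned char b[PW_MAX] = {0};
    size_t ls = strlen(stored);
    size_t lc = strlen(candidate);
    unsigned char acc = 0;
    size_t i;

    /* The candidate is attacker-controlled public input; rejecting an
     * over-long one early reveals nothing about the stored secret. The
     * stored value is assumed to fit, and is truncated if it does not. */
    if (lc > PW_MAX)
        return 0;
    if (ls > PW_MAX)
        ls = PW_MAX;

    memcpy(a, stored, ls);
    memcpy(b, candidate, lc);

    for (i = 0; i < PW_MAX; i++)
        acc |= (unsigned char)(a[i] ^ b[i]);

    return acc == 0;
}
```

The case-insensitive path (PAM_ICASE_ARG) needs the same treatment: fold case with a branch-free table lookup on each byte before the XOR rather than calling strncasecmp(). As the reply notes, the better fix in deployment is to configure a crypt method so that a fixed-length hash, not the plaintext, is what gets compared.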
