https://bugzilla.wikimedia.org/show_bug.cgi?id=45956

       Web browser: ---
            Bug ID: 45956
           Summary: Security enhanced authentication: before, during, and
                    after authentication process allow to inspect Server
                    fingerprints; store them in the database
           Product: MediaWiki extensions
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: OpenID
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected]
    Classification: Unclassified
   Mobile Platform: ---

To lower the risk of MITM attacks in the authentication process, I propose something
similar to what I proposed in [1]:

before and during the authentication process

+ allow inspecting the server fingerprints (sha-256, sha-1, md5)

and then also store them in the wiki database.

+ Add to the tables in OpenID preferences a way

i)  to inspect (list) the stored fingerprints; and perhaps
ii) to check (compare) the stored fingerprints against the current server fingerprints.


Implementation tip:

The code for this can (should) be used by and shared with the php-openid library and
its storage.

[1] https://github.com/owncloud/mirall/issues/44
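
The following is an added example, not part of the original report and not code from the OpenID extension or php-openid: a sketch of the store-then-compare check the report asks for, in PHP. The table name `server_fingerprint`, the function names, the host and the stand-in certificates are assumptions made for illustration; in live use the PEM text would come from the TLS handshake with the OpenID provider.

```php
<?php
// Added illustration; table and function names are hypothetical.
const FP_ALGOS = ['sha256', 'sha1', 'md5']; // digests named in the report

// A certificate fingerprint is the digest of its DER encoding.
function pemToDer(string $pem): string {
    $b64 = preg_replace('/-----(BEGIN|END) CERTIFICATE-----|\s+/', '', $pem);
    $der = base64_decode($b64, true);
    if ($der === false || $der === '') {
        throw new InvalidArgumentException('not a PEM certificate');
    }
    return $der;
}

function fingerprints(string $der): array {
    $fp = [];
    foreach (FP_ALGOS as $algo) {
        $fp[$algo] = hash($algo, $der);
    }
    return $fp;
}

// Returns 'first-seen' (fingerprints stored now), 'match' or 'mismatch'.
// Only SHA-256 decides; SHA-1 and MD5 are kept for display, both are collision-weak.
function checkServer(PDO $db, string $host, string $pem): string {
    $fp = fingerprints(pemToDer($pem));
    $q = $db->prepare('SELECT sha256 FROM server_fingerprint WHERE host = ?');
    $q->execute([$host]);
    $stored = $q->fetchColumn();
    if ($stored === false) {
        $db->prepare('INSERT INTO server_fingerprint VALUES (?, ?, ?, ?)')
           ->execute([$host, $fp['sha256'], $fp['sha1'], $fp['md5']]);
        return 'first-seen';
    }
    return hash_equals($stored, $fp['sha256']) ? 'match' : 'mismatch';
}

// Constructed stand-ins for two server certificates (not real X.509 data).
function fakePem(string $bytes): string {
    return "-----BEGIN CERTIFICATE-----\n" . chunk_split(base64_encode($bytes), 64, "\n")
         . "-----END CERTIFICATE-----\n";
}

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE server_fingerprint (host TEXT PRIMARY KEY, sha256 TEXT, sha1 TEXT, md5 TEXT)');
$host = 'openid.example.org'; // constructed host name
echo checkServer($db, $host, fakePem('constructed certificate A')), "\n"; // first contact
echo checkServer($db, $host, fakePem('constructed certificate A')), "\n"; // same certificate again
echo checkServer($db, $host, fakePem('constructed certificate B')), "\n"; // certificate changed
```

A mismatch also occurs on every legitimate certificate renewal, so the preferences page would need a way to show the old and new fingerprints side by side and let the user accept the new one.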
