[2695] in Kerberos-V5-bugs
krb5-admin/395: -randkey isn't random
daemon@ATHENA.MIT.EDU (ppomes@Qualcomm.com)
Wed Mar 12 13:49:12 1997
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: bjaspan@MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, ppomes@Qualcomm.com
Date: Wed, 12 Mar 1997 10:44:53 -0800 (PST)
From: ppomes@Qualcomm.com
Reply-To: ppomes@Qualcomm.com
To: krb5-bugs@MIT.EDU
Cc: ppomes@Qualcomm.com, tep@sdsc.edu
>Number: 395
>Category: krb5-admin
>Synopsis: addprinc -randkey appears to generate the same key each time
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: bjaspan
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Mar 12 13:46:00 EST 1997
>Last-Modified:
>Originator: Paul Pomes
>Organization:
QUALCOMM, Inc.
6455 Lusk Blvd
San Diego, CA 92121-2779
>Release: 1.0
>Environment:
System: SunOS zelkova 5.5.1 Generic_103640-04 sun4m sparc SUNW,SPARCstation-20
Architecture: sun4
>Description:
When a random key is requested with the -randkey argument to addprinc
or modprinc, passwd_check() shows the same password each time. This
may not be a problem if there is subsequent randomization, however
if there isn't then this is a serious bug. It makes many krb5.keytab
file keys guessable.
>How-To-Repeat:
dbx kadmin.local
(dbx) stop in passwd_check
(2) stop in passwd_check
(dbx) run
Running: kadmin.local
(process id 5151)
kadmin.local: addprinc -randkey fubar
stopped in passwd_check at line 49 in file "/usr/local/src/security/kerberos/krb5-1.0/src/lib/kadm5/srv/server_misc.c"
49 int nupper = 0,
(dbx) print password
[ the eight-bit characters were stripped to 7 in the cut-and-paste ]
password = 0x3cd00 "^A^B^C^D^E^F^G^H^I\n^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z^[^\^]^^^_ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~^? !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
(dbx) cont
[ A check is also made to FascistCheck() from CrackLib v2.5 ]
add_principal: Password is in the password dictionary while creating "fubar@GLOBALSTAR.COM".
kadmin.local: addprinc -randkey fubar
stopped in passwd_check at line 49 in file "/usr/local/src/security/kerberos/krb5-1.0/src/lib/kadm5/srv/server_misc.c"
49 int nupper = 0,
(dbx) print password
password = 0x3cd00 "^A^B^C^D^E^F^G^H^I\n^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z^[^\^]^^^_ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~^? !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
(dbx)
>Fix:
Not investigated yet.
>Audit-Trail:
>Unformatted: