[2695] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

krb5-admin/395: -randkey isn't random

daemon@ATHENA.MIT.EDU (ppomes@Qualcomm.com)
Wed Mar 12 13:49:12 1997

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: bjaspan@MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, ppomes@Qualcomm.com
Date: Wed, 12 Mar 1997 10:44:53 -0800 (PST)
From: ppomes@Qualcomm.com
Reply-To: ppomes@Qualcomm.com
To: krb5-bugs@MIT.EDU
Cc: ppomes@Qualcomm.com, tep@sdsc.edu


>Number:         395
>Category:       krb5-admin
>Synopsis:       addprinc -randkey appears to generate the same key each time
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    bjaspan
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Wed Mar 12 13:46:00 EST 1997
>Last-Modified:
>Originator:     Paul Pomes
>Organization:
QUALCOMM, Inc.
6455 Lusk Blvd
San Diego, CA  92121-2779
>Release:        1.0
>Environment:
	
System: SunOS zelkova 5.5.1 Generic_103640-04 sun4m sparc SUNW,SPARCstation-20
Architecture: sun4

>Description:
	When a random key is requested with the -randkey argument to addprinc
	or modprinc, passwd_check() shows the same password each time.  This
	may not be a problem if there is subsequent randomization, however
	if there isn't then this is a serious bug.  It makes many krb5.keytab
	file keys guessable.
>How-To-Repeat:
	dbx kadmin.local
	(dbx) stop in passwd_check 
	(2) stop in passwd_check
	(dbx) run                 
	Running: kadmin.local 
	(process id 5151)
	kadmin.local:  addprinc -randkey fubar
	stopped in passwd_check at line 49 in file "/usr/local/src/security/kerberos/krb5-1.0/src/lib/kadm5/srv/server_misc.c"
	   49       int     nupper = 0,
	(dbx) print password

[ the eight-bit characters were stripped to 7 in the cut-and-paste ]

	password = 0x3cd00 "^A^B^C^D^E^F^G^H^I\n^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z^[^\^]^^^_ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~^? !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
	(dbx) cont          

[ A check is also made to FascistCheck() from CrackLib v2.5 ]

	add_principal: Password is in the password dictionary while creating "fubar@GLOBALSTAR.COM".
	kadmin.local:  addprinc -randkey fubar
	stopped in passwd_check at line 49 in file "/usr/local/src/security/kerberos/krb5-1.0/src/lib/kadm5/srv/server_misc.c"
	   49       int     nupper = 0,
	(dbx) print password
	password = 0x3cd00 "^A^B^C^D^E^F^G^H^I\n^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z^[^\^]^^^_ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~^? !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
	(dbx) 

>Fix:
	Not investigated yet.
>Audit-Trail:
>Unformatted:

home help back first fref pref prev next nref lref last post