thr3ads.net - Secure testing team - [Secure-testing-team] Bug#614304: dtc-common: does store user passwords unhashed in the database [Feb 2011]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Ansgar Burchardt

2011-Feb-20 22:07 UTC

[Secure-testing-team] Bug#614304: dtc-common: does store user passwords unhashed in the database

Package: dtc-common
Version: 0.29.17-1
Severity: grave
Tags: upstream security

dtc stores user passwords unencrypted in the database:

  $q = "INSERT INTO $pro_mysql_new_admin_table
  (reqadm_login,
  reqadm_pass,
  [...]
  VALUES(''".$_REQUEST["reqadm_login"]."'',
  ''".$_REQUEST["reqadm_pass"]."'',

(from client/new_account_form.php)

This can be verified by executing "SELECT * FROM admin" in
dtc''s MySQL
database which shows the administrator password after installation.

dtc also stores passwords for various servives (FTP, ...). I have not
looked if passwords are hashed there.

The code in unstable (dtc/0.32.5-1) seems to have the same problems.

Ansgar

Secure testing team - Feb 2011 - Bug#614304: dtc-common: does store user passwords unhashed in the database

[Secure-testing-team] Bug#614304: dtc-common: does store user passwords unhashed in the database