Closed Bug 907438
Opened 12 years ago, Closed 11 years ago
In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force
Categories: Bugzilla :: Bugzilla-General, defect
Status: RESOLVED FIXED
Target Milestone: Bugzilla 4.0
People: Reporter: dkl, Assigned: dkl
Attachments (2 files)
993 bytes, patch | LpSolit: review+
1.01 KB, patch | dkl: review+
Similar to bug 906745, when we check the database for validity of a user's login cookie, MySQL does not do the check in a case-sensitive manner, which lowers the bar to brute forcing someone's login cookie. We do store the IP address which helps some, but it would be better if we pulled the cookie value from the db and then did the comparison in Perl like we did for the fix for bug 906745.
Feel free to remove the privacy bit if you feel this is not necessarily a security problem but more of an enhancement.
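A worked illustration of the problem and of the fix the report proposes, added here as an example and not taken from Bugzilla's own Cookie.pm: it uses an in-memory SQLite table whose cookie column is declared COLLATE NOCASE to stand in for MySQL's case-insensitive default collation, and the table layout, user id, IP address and cookie value are all constructed for the example.

```python
import hmac
import sqlite3

# Constructed sample cookie for this example (not a real Bugzilla value).
STORED_COOKIE = "AbCdEf123XyZ"


def make_db() -> sqlite3.Connection:
    """Build a small logincookies table whose cookie column compares
    case-insensitively, mimicking MySQL's default collation."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE logincookies ("
        "  cookie TEXT COLLATE NOCASE PRIMARY KEY,"
        "  userid INTEGER NOT NULL,"
        "  ipaddr TEXT NOT NULL)"
    )
    db.execute(
        "INSERT INTO logincookies VALUES (?, ?, ?)",
        (STORED_COOKIE, 42, "192.0.2.10"),
    )
    db.commit()
    return db


def check_cookie_in_sql(db, userid: int, presented: str, ipaddr: str) -> bool:
    """Vulnerable pattern: let the database compare the cookie value.
    Under a case-insensitive collation every case variant of the cookie
    matches, so the effective keyspace a guesser must cover shrinks."""
    row = db.execute(
        "SELECT 1 FROM logincookies WHERE cookie = ? AND userid = ? AND ipaddr = ?",
        (presented, userid, ipaddr),
    ).fetchone()
    return row is not None


def check_cookie_in_app(db, userid: int, presented: str, ipaddr: str) -> bool:
    """Fixed pattern (what the report proposes): select the stored cookie by
    user id and IP, then compare it in application code, byte for byte and in
    constant time, so the database collation never takes part."""
    rows = db.execute(
        "SELECT cookie FROM logincookies WHERE userid = ? AND ipaddr = ?",
        (userid, ipaddr),
    ).fetchall()
    return any(
        hmac.compare_digest(stored.encode(), presented.encode()) for (stored,) in rows
    )
```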
dkl (Assignee)
Comment 1 • 12 years ago
Attachment #793654 - Flags: review?(LpSolit)
Updated • 12 years ago
Flags: blocking4.4.1+
Flags: blocking4.2.7+
Flags: blocking4.0.11+
Target Milestone: --- → Bugzilla 4.0
Comment 2 • 12 years ago
Comment on attachment 793654 [details] [diff] [review]
patch for 4.4 and older
r=LpSolit
Attachment #793654 - Flags: review?(LpSolit) → review+
Updated • 12 years ago
Flags: approval?
Flags: approval4.4?
Flags: approval4.2?
Flags: approval4.0?
Updated • 12 years ago
Flags: approval4.4? → approval4.4+
Flags: approval4.2? → approval4.2+
Flags: approval4.0? → approval4.0+
Flags: approval? → approval+
Comment 3 • 11 years ago
This patch no longer applies cleanly on trunk due to bug 917669. The comment right above |if (...)| has changed.
dkl: could you update it, please, as you are responsible for the bitrot? ;)
dkl (Assignee)
Comment 4 • 11 years ago
Fixed bit-rot.
Attachment #793654 - Attachment is obsolete: true
Attachment #810769 - Flags: review+
Updated • 11 years ago
Attachment #793654 - Attachment description: 907438_1.patch → patch for 4.4 and older
Attachment #793654 - Attachment is obsolete: false
Updated • 11 years ago
Attachment #810769 - Attachment description: 907438_2.patch → patch for trunk
dkl (Assignee)
Comment 5 • 11 years ago
Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bugzilla/4.0
modified Bugzilla/Auth/Login/Cookie.pm
Committed revision 7758.
Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bugzilla/4.2
modified Bugzilla/Auth/Login/Cookie.pm
Committed revision 8230.
Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bugzilla/4.4
modified Bugzilla/Auth/Login/Cookie.pm
Committed revision 8622.
Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bugzilla/trunk
modified Bugzilla/Auth/Login/Cookie.pm
Committed revision 8776.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED