[Tickets #4085] RESOLVED: Root authentication should be deniable

bugs@bugs.horde.org bugs at bugs.horde.org
Thu Jun 29 00:18:29 PDT 2006


Ticket URL: http://bugs.horde.org/ticket/?id=4085
 Ticket             | 4085
 Updated By         | saku at localeyes.fi
 Summary            | Root authentication should be deniable
 Queue              | IMP
 Version            | 4.1.2
 State              | Rejected
 Priority           | 1. Low
 Type               | Enhancement
 Owners             | 

saku at localeyes.fi (2006-06-29 00:18) wrote:

>> I think there should be a blacklist
>> of accounts that are never allowed to login or some other way to
>> prevent trying an uncounted number of account/password pairs remotely.
> Like configuring your POP server to prevent this.  Disabling access 
> via IMP does nothing to protect security - since an attacker could 
> just directly connect to the port and try username/password 
> combinations all day long and just bypass any restrictions in IMP.

The POP server is not visible to the public network, but IMP runs on the
same server. The scenario that comes to my mind is:
1. Attacker finds an exploit to gain restricted access (the Horde help bug
for example)
2. Attacker uses IMP to remotely (possibly from different addresses to
cover his track) to find the root password
I imagine the situation where IMP runs on the mail server, but POP is
limited to the internal network only is actually quite common, so this is
likely something that other users might be struggling with as well.
I added the following code to _authenticate() in imp/lib/Auth/imp.php to
prevent this attack, but a more generic solution wouldn't hurt.

if( !strcasecmp( $userID, "root" ) )
        mail( "admin at my_network", "WARNING!", "'$userID' login attempt
from $_SERVER[REMOTE_ADDR] in horde!", "From: hordeadm at my_network" );
        return false;

More information about the bugs mailing list