[Tickets #9121] decrypted password issue (DIGEST-MD5)
bugs at horde.org
bugs at horde.org
Fri Jul 2 07:15:16 UTC 2010
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/9121
------------------------------------------------------------------------------
Ticket | 9121
Created By | imp at lx-soft.com
Summary | decrypted password issue (DIGEST-MD5)
Queue | IMP
Version | Git master
Type | Bug
State | Unconfirmed
Priority | 1. Low
Milestone |
Patch | 1
Owners |
+New Attachment | Secret.php.diff
------------------------------------------------------------------------------
imp at lx-soft.com (2010-07-02 03:15) wrote:
Dear Horde Team,
According to: http://www.php.net/manual/en/function.mcrypt-generic.php
A stored password may be padded with \0, if it's length is not the
same as the block size (8 chars).
This feature is used by Crypt::Blowfish, which is used again by
Horde::Secret to store password used to do DIGEST-MD5 Authentication.
I've attached a patch which check the length of the encrypted message.
More information about the bugs
mailing list