Page MenuHome GnuPG
Create Task
Maniphest T5446

Don't show LDAP credentials in error messages, at least not by default
Closed, WontfixPublic
Actions

Description

Seems something went wrong (local error) when setting up an LDAP server for key storage. So after configuring something like (.gnupg/gpg.conf)

keyserver ldap://ldap-server/????bindname=uid=LordPrivySeal%2Cou=GnuPG%20Users%2Cdc=example%2Cdc=com,password=secret

(this is single line, of couse)

... and publishing a particular key, I receive an error:

gpg --send-keys 6AD74D237F2EEA93271474C20840333D9F15A045
gpg: sending key 0840333D9F15A045 to ldap://ldap-server/????bindname=uid=LordPrivySeal%2Cou=GnuPG%20Users%2Cdc=example%2Cdc=com,password=secret
gpg: keyserver send failed: Invalid LDAP credentials
gpg: keyserver send failed: Invalid LDAP credentials

The actual problem: That password (secret) should not be shown in any error message unless required by the user. The current situation allows credential stealing by a watcher.

Observed with gnupg 2.2.27 and kleopatra 20.08.3 (which echos the gpg error message).

Event Timeline

cbiedl created this task.May 21 2021, 10:57 AM
cbiedl updated the task description. (Show Details)May 21 2021, 11:09 AM
werner triaged this task as Low priority.May 21 2021, 11:46 AM
werner added a subscriber: werner.

I give this a low priority because all those infos are easily retrievable from config files.

cbiedl added a comment.May 25 2021, 8:14 AM

My concern is not a disloyal administrator, so I disagree with that priority.

In comparison, nobody would consider it an acceptable behavior of an e-mail client, if it showed the configured password as part of an error message just because of a problem with the connection, something that might be caused by a server outage, expired certificates or a network glitch.

This however is precisely what happens here.

werner added a comment.May 25 2021, 8:34 AM

So what do you think is the threat here?

werner edited projects, added gnupg22; removed gnupg (gpg22).Dec 12 2022, 11:38 PM
werner closed this task as Wontfix.Aug 25 2023, 3:58 PM
werner claimed this task.

If we ever add a way to take the password from a file we will for sure hide that in the log files. Ceterum autem censeo tesserae esse delendam.

werner edited projects, added gnupg, dirmngr; removed gnupg22.Sep 25 2024, 4:21 PM