Don't show LDAP credentials in error messages, at least not by default
Closed, Wontfix | Public

Authored By cbiedl, May 21 2021, 10:57 AM

Description

It seems something went wrong (local error) when setting up an LDAP server for key storage. So after configuring something like this (in .gnupg/gpg.conf)

keyserver ldap://ldap-server/????bindname=uid=LordPrivySeal%2Cou=GnuPG%20Users%2Cdc=example%2Cdc=com,password=secret

(this is a single line, of course)

... and publishing a particular key, I receive an error:

gpg --send-keys 6AD74D237F2EEA93271474C20840333D9F15A045
gpg: sending key 0840333D9F15A045 to ldap://ldap-server/????bindname=uid=LordPrivySeal%2Cou=GnuPG%20Users%2Cdc=example%2Cdc=com,password=secret
gpg: keyserver send failed: Invalid LDAP credentials
gpg: keyserver send failed: Invalid LDAP credentials

The actual problem: That password (secret) should not be shown in any error message unless required by the user. The current situation allows credential stealing by a watcher.

Observed with gnupg 2.2.27 and kleopatra 20.08.3 (which echoes the gpg error message).
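As an added example (not gpg's or Kleopatra's own code), here is the kind of redaction a client could apply to a keyserver URL before echoing it in an error or log line: it masks the password= extension in the URL format quoted above and, going one step beyond the report, a user:password@host authority as well. The function names, the mask string and the sample line are my own constructions.

```python
import re

# LDAP URL extension names that carry a secret. gpg's keyserver URL uses
# "password=" as shown in the report; "!password=" is the critical-extension form.
SECRET_EXTENSIONS = {"password"}

def redact_ldap_url(url: str, mask: str = "***") -> str:
    """Return url with credential-bearing parts masked.

    Covers the extensions part of an LDAP URL
    (ldap://host/dn?attrs?scope?filter?ext1,ext2) and a user:password@host
    authority. Extension values are expected to be percent-encoded
    (a literal ',' inside a password would already break the URL itself).
    """
    scheme, sep, rest = url.partition("://")
    if not sep:
        return url
    slash = rest.find("/")
    authority, path = (rest, "") if slash == -1 else (rest[:slash], rest[slash:])
    if "@" in authority:
        userinfo, _, hostport = authority.rpartition("@")
        user, colon, _ = userinfo.partition(":")
        if colon:
            authority = f"{user}:{mask}@{hostport}"
    parts = path.split("?")
    if len(parts) >= 5:  # dn, attrs, scope, filter, extensions
        exts = "?".join(parts[4:]).split(",")
        for i, ext in enumerate(exts):
            name, eq, _ = ext.partition("=")
            if eq and name.lstrip("!").lower() in SECRET_EXTENSIONS:
                exts[i] = f"{name}={mask}"
        parts = parts[:4] + [",".join(exts)]
    return f"{scheme}://{authority}{'?'.join(parts)}"

URL_RE = re.compile(r"ldaps?://\S+")

def redact_log_line(line: str) -> str:
    """Mask credentials in every LDAP URL embedded in a log or error line."""
    return URL_RE.sub(lambda m: redact_ldap_url(m.group(0)), line)

# Constructed sample mirroring the gpg output quoted in the report.
SAMPLE_LINE = ("gpg: sending key 0840333D9F15A045 to "
               "ldap://ldap-server/????bindname=uid=LordPrivySeal%2Cou=GnuPG%20Users"
               "%2Cdc=example%2Cdc=com,password=secret")

if __name__ == "__main__":
    print(redact_log_line(SAMPLE_LINE))
```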

Event Timeline

werner added a subscriber: werner.

I give this a low priority because all that information is easily retrievable from config files.

My concern is not a disloyal administrator, so I disagree with that priority.

In comparison, nobody would consider it acceptable behavior for an e-mail client to show the configured password as part of an error message just because of a problem with the connection, something that might be caused by a server outage, expired certificates or a network glitch.

This however is precisely what happens here.

So what do you think is the threat here?

werner claimed this task.

If we ever add a way to take the password from a file, we will for sure hide that in the log files. Ceterum autem censeo tesserae esse delendam. (Furthermore, I am of the opinion that passwords must be abolished.)