BIND 10 #2716: password in ~/.bind10/default_user.csv is cleartext
BIND 10 Development
do-not-reply at isc.org
Sun Feb 17 11:52:57 UTC 2013
#2716: password in ~/.bind10/default_user.csv is cleartext
-------------------------------------+-------------------------------------
Reporter: cas | Owner:
Type: defect | Status: new
Priority: medium | Milestone: Next-Sprint-Proposed
Component: Unclassified |
Keywords: | Resolution:
Sensitive: 0 | CVSS Scoring:
Sub-Project: DNS | Defect Severity: N/A
Estimated Difficulty: 0 | Feature Depending on Ticket:
Total Hours: 0 | Add Hours to Ticket: 0
| Internal?: 0
-------------------------------------+-------------------------------------
Comment (by cas):
Replying to [comment:5 muks]:
> Replying to [comment:2 muks]:
> > We'd have to store `~/.bind10/default_user.csv` in cleartext, or
> > something that can be converted back to clear text on the client-side to
> > answer the server for HTTP digest authentication.
This design decision is what I'm challenging. In my view, every protocol
that requires that the password can be converted back to clear text on the
client-side to answer the server is not a good security protocol. If HTTP
digest authentication demands that, then HTTP digest authentication might
not be the best choice.
DNS servers (including BIND 10) are deployed in very sensitive network
infrastructures. BIND 9 uses random passwords (TSIG keys) for remote
configuration access; at least if someone gets hold of the TSIG key, the
only system affected is the BIND server. With passwords the situation is
worse, as users share passwords for multiple services.
>
> To clarify, I do not suggest using the `.htdigest` format for this.
> `.htdigest` would be unsuitable for it as there's no way to get at the
> clear-text password. The `.htdigest` suggestion was for the server-side
> `cmdctl-accounts.csv` file.
Sorry, I've got that wrong.
--
Ticket URL: <https://bind10.isc.org/ticket/2716#comment:6>
BIND 10 Development <http://bind10.isc.org>