WrenSecurity / wrenam

Community fork of OpenAM, an authentication and authorization system originally developed by ForgeRock.

Evaluate and fix issue known to OpenAM as #201801-02 #11

Closed siepkes closed 1 year ago

siepkes commented 6 years ago

Evaluate and fix issue known to OpenAM as #201801-02

Since we share a common heritage with OpenAM, the issue described here as "Issue #201801-02: Configuration password stored in plain text" probably affects wren:AM too.

We need to evaluate if and how this issue affects wren:AM and fix it.

The issue in the referenced document describes that the export of server settings contains some configuration passwords in plain text.

The document indicates there is no workaround.

pavelhoral commented 6 years ago

You can get password values via the get-sub-cfg command in 13.0.0:

```
ssoadm get-sub-cfg -u amadmin -f pwd.txt -e / -s iPlanetAMAuthLDAPService -g MyLDAP

iplanet-am-auth-ldap-auth-level=0
iplanet-am-auth-ldap-search-filter=(objectclass=inetOrgPerson)
iplanet-am-auth-ldap-search-scope=SUBTREE
iplanet-am-auth-ldap-return-user-dn=true
iplanet-am-auth-ldap-bind-passwd=thisissecret
iplanet-am-ldap-user-creation-attr-list=
...
```

Not sure if the issue is fixed in the current master or not...

pavelhoral commented 6 years ago

I guess it is not fixed if you compare how GetSubConfiguration prints property values compared to GetAuthInstance.

karelmaxa commented 1 year ago

The issue was fixed in https://github.com/WrenSecurity/wrenam/pull/137.
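
An added example, not part of the thread or of wrenam's code: a check that scans `get-sub-cfg` output in the format quoted above, reports password-like attributes that carry a plaintext value, and produces a redacted copy that is safe to log or attach to a ticket. Matching secrets by attribute name is an assumption of this example; `audit`, `SECRET_NAME` and `MASK` are hypothetical names, and the sample input is constructed from the output shown in the thread.

```python
import re
import sys

# Constructed sample in the name=value format quoted in the thread.
SAMPLE_OUTPUT = """\
iplanet-am-auth-ldap-auth-level=0
iplanet-am-auth-ldap-search-filter=(objectclass=inetOrgPerson)
iplanet-am-auth-ldap-search-scope=SUBTREE
iplanet-am-auth-ldap-return-user-dn=true
iplanet-am-auth-ldap-bind-passwd=thisissecret
iplanet-am-ldap-user-creation-attr-list=
"""

# Assumption: secret-bearing attributes are recognised by name only.
# This can over-match (e.g. a boolean flag with "password" in its name),
# so treat findings as items to review, not as proof of exposure.
SECRET_NAME = re.compile(r"passwd|password|secret", re.IGNORECASE)
MASK = "********"


def audit(text):
    """Return (findings, redacted_text) for ssoadm-style name=value output.

    findings is a list of (line_number, attribute_name) for every
    password-like attribute that has a non-empty value.
    """
    findings, redacted = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Split on the first '=' only: values such as LDAP filters
        # legitimately contain '=' themselves.
        name, sep, value = raw.partition("=")
        if sep and SECRET_NAME.search(name) and value.strip():
            findings.append((line_no, name.strip()))
            redacted.append(f"{name}={MASK}")
        else:
            redacted.append(raw)
    return findings, "\n".join(redacted)


if __name__ == "__main__":
    # Reads command output from stdin; falls back to the constructed sample.
    data = SAMPLE_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    found, safe_copy = audit(data)
    print(safe_copy)
    for line_no, name in found:
        print(f"plaintext value on line {line_no}: {name}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

Piping the `ssoadm get-sub-cfg` command from the thread into this script gives a non-zero exit status while the tool still prints the bind password, which makes it usable as a regression check before and after upgrading to a build that includes the fix.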