| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] |
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0005491 | ClearOS | app-ssh-server - SSH Server | public | 2015-10-07 12:08 | 2016-12-22 09:30 |
|
| Reporter | bchambers | |
| Assigned To | user2 | |
| Priority | normal | Severity | minor | Reproducibility | sometimes |
| Status | closed | Resolution | fixed | |
| Platform | | OS | | OS Version | |
| Product Version | 7.1.0 RC1 | |
| Target Version | 7.3.0 Beta 1 | Fixed in Version | 7.3.0 Beta 1 | |
|
| Summary | 0005491: Users with weak passwords and no shell can become mail relays |
| Description | Customer was using Active Directory connector. A user in the AD had a weak username/password combo...very weak. Not limited to AD connector...LDAP user with weak user/pass would also be susceptible.
Looks like this hack was used that we've seen once or twice before to become a spam relay:
https://www.rackaid.com/blog/spam-ssh-tunnel/ [^]
As per doc, we should really ship SSH with default:
AllowTCPForwarding no
And expose this variable in Webconfig. |
| Additional Information | Why am I having Deja vu? No tracker was ever submitted? |
| Tags | No tags attached. |
|
| Attached Files | |
|
Relationships 
Relationships