View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0003184SOGoBackend Generalpublic2015-04-25 11:272015-07-22 15:51
Reporterdekkers Assigned To 
PrioritynormalSeverityfeatureReproducibilityalways
Status newResolutionopen 
Product Version2.2.17 
Summary0003184: SOGo should not set sambaLMPassword, but only sambaNTPassword
Description

sambaLMPassword is obsolete and insecure and should not be set. See also https://en.wikipedia.org/wiki/LM_hash#Security_weaknesses, it so easy to determine the password you can consider storing an LM hash as storing the plaintext password.

NTLM was supported in Windows NT/2000/XP, Windows Vista has disabled support for LM hashes by default and Samba also did so in Samba 3.2. I can't think of any reason why storing them would be needed.

TagsNo tags attached.

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2015-04-25 11:27 dekkers New Issue
2015-07-22 15:51 ludovic Severity major => feature