View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003184 | SOGo | Backend General | public | 2015-04-25 11:27 | 2015-07-22 15:51 |
Reporter | dekkers | Assigned To | |||
Priority | normal | Severity | feature | Reproducibility | always |
Status | new | Resolution | open | ||
Product Version | 2.2.17 | ||||
Summary | 0003184: SOGo should not set sambaLMPassword, but only sambaNTPassword | ||||
Description | sambaLMPassword is obsolete and insecure and should not be set. See also https://en.wikipedia.org/wiki/LM_hash#Security_weaknesses. It is so easy to determine the password that you can consider storing an LM hash as storing the plaintext password. NTLM was supported in Windows NT/2000/XP; Windows Vista has disabled support for LM hashes by default, and Samba also did so in Samba 3.2. I can't think of any reason why storing them would be needed. | ||||
Tags | No tags attached. | ||||
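
An added audit example, not part of the original report and not SOGo code: it scans an LDIF export of the directory for entries that still carry a non-empty sambaLMPassword, so they can be cleaned up. The function names, DNs and hash values are constructed placeholders.

```python
import base64

# Constructed sample export; DNs and hash values are placeholders, not real data.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: sambaSamAccount
sambaNTPassword: 00000000000000000000000000000000
sambaLMPassword: 1111111111111111
 1111111111111111

# bob only has the NT hash, which is what the report asks for
dn: uid=bob,ou=people,dc=example,dc=org
sambaNTPassword: 22222222222222222222222222222222

dn: uid=carol,ou=people,dc=example,dc=org
sambalmpassword:: """ + base64.b64encode(b"3" * 32).decode() + """

dn: uid=dave,ou=people,dc=example,dc=org
sambaLMPassword:
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        # RFC 2849 folding: a line starting with one space continues the previous one.
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):  # skip LDIF comments
            name, _, value = line.partition(":")
            if value.startswith(":"):   # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            # LDAP attribute names are case-insensitive, so normalise them.
            entry.setdefault(name.strip().lower(), []).append(value.strip())

def entries_with_lm_hash(text):
    """Return the DNs of entries that have a non-empty sambaLMPassword value."""
    return [e.get("dn", ["<no dn>"])[0] for e in parse_ldif(text)
            if any(e.get("sambalmpassword", []))]
```
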