CVE-2022-0730 Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
This is especially dangerous on a multi-user system with a single user account. It is important to understand the difference between password-based and anon-password-based authentication. The latter is usually disabled by the LDAP server, but in certain cases the LDAP server may not enforce this setting.
Password-based authentication is much more secure than the anon-password-based setting. Credential types are assigned to certain situations based on LDAP RFCs. These situations include: when users search for other users, when users receive a new ticket, and when users receive a warning. These LDAP RFCs are set based on the server software and version.
What is password-based authentication?
Password-based authentication is when the user enters their password to login. LDAP servers enforce this setting by checking if the user's password matches what they used on their LDAP account. This is a safer method for authenticating users because it prevents all anonymous logins.
Anon-password-based authentication is when the user does not enter a password, but instead types in an ID and other information that isn't associated with their account. An example of this would be using your email address as your username, or having your phone number as your identifier instead of an email address.
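The following is an added example, not Cacti's code or the project's actual patch. It models the distinction drawn above: an LDAP simple bind that carries a name but an empty password is an "unauthenticated" bind under RFC 4513, and a server that permits that form returns success without checking any credential. The example assumes (this is an assumption, not something the page states) that this is the kind of condition under which a password check can be bypassed, and shows a naive login routine beside a hardened one that refuses empty credentials before it ever contacts the directory. The server, DNs and passwords are constructed for the demonstration.

```python
"""Added example (not Cacti's code): LDAP unauthenticated bind vs. a hardened login check.

The directory server below is a constructed stand-in, not a real LDAP library.
"""
from dataclasses import dataclass, field


@dataclass
class MockLdapServer:
    """Minimal model of a directory server's simple-bind handling.

    RFC 4513 defines three simple-bind forms: anonymous (empty name and
    empty password), unauthenticated (name present, empty password) and
    name/password. Servers can be configured to accept or refuse the
    unauthenticated form; `allow_unauthenticated` models that switch.
    """
    passwords: dict = field(default_factory=dict)  # dn -> password (constructed data)
    allow_unauthenticated: bool = False

    def bind(self, dn: str, password: str) -> bool:
        """Return True when the directory reports a successful bind."""
        if password == "":
            # Unauthenticated bind: no credential is verified at all, so a
            # permissive server answers "success" for any name it is given.
            return self.allow_unauthenticated
        return self.passwords.get(dn) == password


def authenticate_naive(server: MockLdapServer, dn: str, password: str) -> bool:
    """Treats any successful bind as proof of identity (the weak pattern)."""
    return server.bind(dn, password)


def authenticate_hardened(server: MockLdapServer, dn: str, password) -> bool:
    """Rejects empty or blank credentials before the directory is consulted.

    With the empty-password case filtered out, a successful bind can only be
    the name/password form, which is the only one that proves identity.
    """
    if not dn or password is None or password.strip() == "":
        return False
    return server.bind(dn, password)


def demo() -> dict:
    """Run both routines against permissive and strict servers (constructed data)."""
    user = "uid=alice,ou=people,dc=example,dc=test"
    permissive = MockLdapServer({user: "correct horse"}, allow_unauthenticated=True)
    strict = MockLdapServer({user: "correct horse"}, allow_unauthenticated=False)
    return {
        "naive_empty_permissive": authenticate_naive(permissive, user, ""),
        "hardened_empty_permissive": authenticate_hardened(permissive, user, ""),
        "naive_empty_strict": authenticate_naive(strict, user, ""),
        "hardened_good_password": authenticate_hardened(permissive, user, "correct horse"),
        "hardened_bad_password": authenticate_hardened(permissive, user, "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'ALLOWED' if result else 'denied'}")
```

The point for a defender is that the application-side check cannot be delegated to the directory: whether the server enforces its own refusal of unauthenticated binds is outside the application's control, so the login code must refuse blank passwords itself and log any bind attempt with an empty credential as suspicious.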
Create a New Ticket
This is a useful method to create a new ticket on the LDAP server and have it accepted as authentication.
What are LDAP Credentials?
LDAP Credentials are a type of authentication that is assigned to certain situations based on LDAP RFCs and server software. They are often used for authentication purposes, as in the case when someone searches for another user in Active Directory. Other times, they are used for ticket delivery or warning purposes.
If you want to learn more about LDAP Credentials, check out the following resources:
Global Security Services Guide: http://www.globalsecurityservicesguide.com/ldap-credential-types-user-accounts/
LDAP Credential Types: https://msdn.microsoft.com/en-us/library/windowsazure/dn513052%28v=vs.85%29.aspx
What is the LDAP Authentication Type?
The authentication type is used to limit what the user is able to do with the account or system. The LDAP server has a range of authentication types such as "anonymous" and "password". These authentication types are assigned to certain situations such as when users search for other users, when they receive a new ticket and when they receive a warning.
Observation 1: In password-based authentication, the user must enter a valid and strong password.
In password-based authentication, when the user enters their password, it is verified against a string stored in the SASL profile. This ensures that the password is strong and adequate to authenticate users. If a string stored in the SASL profile matches the entered password, authentication succeeds.
Timeline
Published on: 03/03/2022 23:15:00 UTC
Last modified on: 05/24/2022 13:10:00 UTC
References
- https://github.com/Cacti/cacti/issues/4562
- https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0730