opiepasswd does not always generate valid seeds
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
opie (Ubuntu) |
Fix Released
|
Medium
|
Marc Deslauriers | ||
Jaunty |
Fix Released
|
Undecided
|
Unassigned | ||
Karmic |
Fix Released
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Undecided
|
Unassigned | ||
Maverick |
Fix Released
|
Medium
|
Marc Deslauriers |
Bug Description
After installing the opie-client, opie-server, and libopie-pam packages, and making the apparently needed edits to /etc/ssh/
chris@cowan-
Adding chris:
You need the response from an OTP generator.
New secret pass phrase:
otp-md5 499 co5482
Response: YEA ORE GIRL GLIB MOS BOIL
ID chris OTP key is 499 co5482
YEA ORE GIRL GLIB MOS BOIL
I test it, and it works fine for ssh. Great! But I used a lame passphrase, and figure I want to change to a stronger one.
chris@cowan-
Updating chris:
You need the response from an OTP generator.
Old secret pass phrase:
otp-md5 497 co5482 ext
Response: CRUD TEAM COL WENT WAKE LEA
New secret pass phrase:
otp-md5 499 co54
Response:
Er, that seed doesn't look very good or original. And it doesn't work for opiekey/otp-md5:
chris@cowan-
Using the MD5 algorithm to compute response.
Seeds must be greater than 5 characters long.
Trying to change my opie password again has the same thing happen. I have to use the -s option to set a longer seed manually to fix this.
I've repeated this process several times (running "opiepasswd" after setting a new one), and the new seed is always the old one truncated (co, co1, co14, etc), or sometimes it even seems to fail at truncating the old seed, and tries to reuse the old seed, causing it to give an error:
chris@cowan-
Updating chris:
You must use a different seed for the new OTP sequence.
CVE References
Changed in opie (Ubuntu): | |
status: | New → Incomplete |
Changed in opie (Ubuntu Karmic): | |
status: | Confirmed → Incomplete |
Thanks for reporting this issue.
What version of Ubuntu are you running? What version of the opie-server package are you using?