Comments (10)
Easy patch for the interested. Should be adapted to use the config instead of a constant:
24a25,26
> define('SESSION_CIPHER', 'aes-256-gcm');
>
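Review bot: The cipher name is fixed by a file-scope define() in the added line, so every site that needs a different cipher has to edit the source again. Read it from the application configuration with a default, as the accompanying comment already suggests. The value is also compared verbatim against openssl_get_cipher_methods() in the later hunks, so a misspelt name silently disables the OpenSSL branch rather than raising an error; validating the configured name once at startup would surface that.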
772,774c774,776
< if (! empty($data) && function_exists('openssl_encrypt') && in_array('bf-ecb', openssl_get_cipher_methods())) {
< $keylen = openssl_cipher_iv_length('bf-ecb') * 2;
< return openssl_encrypt($data, 'bf-ecb', substr($secret,0,$keylen));
---
> if (! empty($data) && function_exists('openssl_encrypt') && in_array(SESSION_CIPHER, openssl_get_cipher_methods())) {
> $keylen = openssl_cipher_iv_length(SESSION_CIPHER) * 2;
> return openssl_encrypt($data, SESSION_CIPHER, substr($secret,0,$keylen));
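Review bot: The openssl_encrypt() call on the last added line still passes only data, cipher and key, with no IV and no tag variable. ECB took no IV, but a GCM cipher needs a fresh IV per message and yields an authentication tag that has to be stored with the ciphertext. Generate the IV with random_bytes(openssl_cipher_iv_length(SESSION_CIPHER)), pass it together with a $tag reference, and check the result for false before returning it. The $keylen line also derives the key length from the IV length, which is 12 bytes for aes-256-gcm and so yields a 24-byte key where AES-256 expects 32.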
833,835c835,837
< if (! empty($encdata) && function_exists('openssl_encrypt') && in_array('bf-ecb', openssl_get_cipher_methods())) {
< $keylen = openssl_cipher_iv_length('bf-ecb') * 2;
< return trim(openssl_decrypt($encdata, 'bf-ecb', substr($secret,0,$keylen)));
---
> if (! empty($encdata) && function_exists('openssl_encrypt') && in_array(SESSION_CIPHER, openssl_get_cipher_methods())) {
> $keylen = openssl_cipher_iv_length(SESSION_CIPHER) * 2;
> return trim(openssl_decrypt($encdata, SESSION_CIPHER, substr($secret,0,$keylen)));
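Review bot: The decrypt path has no failure handling: openssl_decrypt() returns false when decryption or tag verification fails, and the last added line feeds that straight into trim(), so the caller receives an empty string instead of an error. With a GCM cipher, the IV and tag produced at encryption time also have to be passed to this call. Two things carried over from the old lines are worth fixing in the same change: the guard tests function_exists('openssl_encrypt') although the call is openssl_decrypt(), and trim() strips leading or trailing whitespace that may have been part of the original data.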
EDIT: aes256-gcm to aes-256-gcm
from phpldapadmin.
Looks like the patch I provided contains a typo: I copied the cipher name from the openssl command, but openssl_get_cipher_methods() doesn't return exactly the same spelling. A dash should be added to the cipher name (aes-256-gcm). Thanks @TPXP for pointing it out.
from phpldapadmin.
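An added example, not code from this thread or from phpLDAPadmin, showing what switching to aes-256-gcm with openssl_encrypt() involves: the name is checked against openssl_get_cipher_methods(), a random IV and the authentication tag are stored with the ciphertext, and decryption failure is reported instead of trimmed. The function names, the HKDF info label and the iv|tag|ciphertext layout are assumptions made for the example.

```php
<?php
// Added example; names and blob layout are assumptions, not phpLDAPadmin's.
const SESSION_CIPHER = 'aes-256-gcm'; // spelling as listed by openssl_get_cipher_methods()
const TAG_LEN = 16;

function session_key(string $secret): string {
    // Derive a full 32-byte AES-256 key rather than truncating the secret.
    return hash_hkdf('sha256', $secret, 32, 'session-cookie');
}

function session_encrypt(string $data, string $secret): string {
    if (!in_array(SESSION_CIPHER, openssl_get_cipher_methods(), true)) {
        throw new RuntimeException(SESSION_CIPHER . ' is not offered by this OpenSSL build');
    }
    // GCM needs a fresh IV for every message encrypted under the same key.
    $iv  = random_bytes(openssl_cipher_iv_length(SESSION_CIPHER));
    $tag = '';
    $ct  = openssl_encrypt($data, SESSION_CIPHER, session_key($secret),
                           OPENSSL_RAW_DATA, $iv, $tag, '', TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);
}

function session_decrypt(string $blob, string $secret): ?string {
    $raw   = base64_decode($blob, true);
    $ivlen = openssl_cipher_iv_length(SESSION_CIPHER);
    if ($raw === false || strlen($raw) < $ivlen + TAG_LEN) {
        return null; // malformed input
    }
    $iv  = substr($raw, 0, $ivlen);
    $tag = substr($raw, $ivlen, TAG_LEN);
    $ct  = substr($raw, $ivlen + TAG_LEN);
    $pt  = openssl_decrypt($ct, SESSION_CIPHER, session_key($secret),
                           OPENSSL_RAW_DATA, $iv, $tag);
    // false means wrong key or modified data; do not pass it to trim().
    return $pt === false ? null : $pt;
}

// Constructed sample values, for demonstration only.
$blob = session_encrypt('cn=admin,dc=example,dc=com', 'constructed-secret');
var_dump(session_decrypt($blob, 'constructed-secret'));

// Flip one bit of the stored blob: tag verification must reject it.
$raw = base64_decode($blob);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1);
var_dump(session_decrypt(base64_encode($raw), 'constructed-secret'));
```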
Replaced it with sed, works like a charm, thanks!
sed -i "24 i define('SESSION_CIPHER', 'aes-256-gcm');" /var/www/html/phpldapadmin/lib/functions.php
sed -i 's/bf-ecb/SESSION_CIPHER/' /var/www/html/phpldapadmin/lib/functions.php
from phpldapadmin.
bf-ecb is deprecated in OpenSSL 3.0.
Another cipher has to be chosen.
from phpldapadmin.
Any reason why this doesn't use standard bcrypt using password_hash (PHP 5 >= 5.5.0, PHP 7, PHP 8) instead of calling for random modules that might or might not be there?
from phpldapadmin.
Never mind, I see this is used for cookie encryption. That's a really weird thing to do instead of storing user/pass in the php session.
from phpldapadmin.
Thanks bendem.
All is working for me with php7-7.4.33.
from phpldapadmin.
Works for me php8.1.2-1
from phpldapadmin.
To work well with php8, it is also required to modify
/usr/share/webapps/phpldapadmin/lib/functions.php:2652
$result = ldap_explode_dn((string)$dn,$with_attrib);
It fails without (string).
from phpldapadmin.
Replaced it with sed, works like a charm, thanks!
sed -i "24 i define('SESSION_CIPHER', 'aes-256-gcm');" /var/www/html/phpldapadmin/lib/functions.php
sed -i 's/bf-ecb/SESSION_CIPHER/' /var/www/html/phpldapadmin/lib/functions.php
You can use 1.2.6.6 instead ;)
from phpldapadmin.