Comments (10)
bendem
commented on June 28, 2024
2
Easy patch for the interested. Should be adapted to use the config instead of a constant:
24a25,26
> define('SESSION_CIPHER', 'aes-256-gcm');
>
772,774c774,776
< if (! empty($data) && function_exists('openssl_encrypt') && in_array('bf-ecb', openssl_get_cipher_methods())) {
< $keylen = openssl_cipher_iv_length('bf-ecb') * 2;
< return openssl_encrypt($data, 'bf-ecb', substr($secret,0,$keylen));
---
> if (! empty($data) && function_exists('openssl_encrypt') && in_array(SESSION_CIPHER, openssl_get_cipher_methods())) {
> $keylen = openssl_cipher_iv_length(SESSION_CIPHER) * 2;
> return openssl_encrypt($data, SESSION_CIPHER, substr($secret,0,$keylen));
833,835c835,837
< if (! empty($encdata) && function_exists('openssl_encrypt') && in_array('bf-ecb', openssl_get_cipher_methods())) {
< $keylen = openssl_cipher_iv_length('bf-ecb') * 2;
< return trim(openssl_decrypt($encdata, 'bf-ecb', substr($secret,0,$keylen)));
---
> if (! empty($encdata) && function_exists('openssl_encrypt') && in_array(SESSION_CIPHER, openssl_get_cipher_methods())) {
> $keylen = openssl_cipher_iv_length(SESSION_CIPHER) * 2;
> return trim(openssl_decrypt($encdata, SESSION_CIPHER, substr($secret,0,$keylen)));EDIT: aes256-gcm to aes-256-gcm
from phpldapadmin.
bendem
commented on June 28, 2024
1
Looks like the patch I provided contains a typo, I copied the cipher name from the openssl command, but openssl_get_cipher_methods() doesn't return exactly the same spelling. A dash should be added to the cipher name (aes-256-gcm). Thanks @TPXP for pointing it out.
from phpldapadmin.
afcasco
commented on June 28, 2024
1
Replaced it with sed, works like a charm, thanks!
sed -i "24 i define('SESSION_CIPHER', 'aes-256-gcm');" /var/www/html/phpldapadmin/lib/functions.php
sed -i 's/bf-ecb/SESSION_CIPHER/' /var/www/html/phpldapadmin/lib/functions.php
from phpldapadmin.
crequill
commented on June 28, 2024
bf-ecb is deprecated in OpenSSL 3.0.
An another cipher has to be chosen.
from phpldapadmin.
bendem
commented on June 28, 2024
Any reason why this doesn't use standard bcrypt using password_hash (PHP 5 >= 5.5.0, PHP 7, PHP 8) instead of calling for random modules that might or might not be there?
from phpldapadmin.
bendem
commented on June 28, 2024
Nevermind, I see this is used for cookie encryption. That's a really weird thing to do instead of storing user/pass in the php session.
from phpldapadmin.
crequill
commented on June 28, 2024
Thanks bendem.
All is working for me with php7-7.4.33.
from phpldapadmin.
ItsMeBrianD
commented on June 28, 2024
Works for me php8.1.2-1
from phpldapadmin.
p5n
commented on June 28, 2024
to work well with php8 it is also required to modify
/usr/share/webapps/phpldapadmin/lib/functions.php:2652
$result = ldap_explode_dn((string)$dn,$with_attrib);
it fails without (string)
from phpldapadmin.
williamdes
commented on June 28, 2024
Replaced it with sed, works like a charm, thanks!
sed -i "24 i define('SESSION_CIPHER', 'aes-256-gcm');" /var/www/html/phpldapadmin/lib/functions.php sed -i 's/bf-ecb/SESSION_CIPHER/' /var/www/html/phpldapadmin/lib/functions.php
You can use 1.2.6.6 instead ;)
from phpldapadmin.
Related Issues (20)
- You found a non-fatal phpLDAPadmin bug! HOT 20
- Documenting this project's copyright HOT 6
- Templates: "noleaf" element ignored => children always (wrongly) allowed
- Unrecognized error number: 8192: preg_match(): Passing null to parameter #2 ($subject) of type string is deprecated HOT 4
- Cannot find users with apostrophe in uid
- nginx with disabled ipv6 failed to start HOT 1
- "These credentials do not match our records error" on login HOT 4
- Unrecognized error number: 8192: trim(): Passing null to parameter #1 ($string) of type string is deprecated HOT 4
- Undefined array key 0 on missing DN HOT 2
- Datastore is not Found HOT 1
- Account without mail & incorrect class filter during login with LDAP-test environment "rroemhild/docker-test-openldap" HOT 1
- How to logon PLA ?
- Getting Error: 597: LDAP Server Unavailable HOT 1
- Parse error: syntax error, unexpected '=' in /usr/local/apache2/htdocs/phpLDAPadmin/lib/functions.php on line 361 HOT 7
- php 8.x support HOT 7
- Docker - Nginx not start - 97: Address family not supported by protocol HOT 4
- Release 1.2.6.7 - incorrect VERSION file HOT 2
- phpLDAPadmin doesnt support RFC3866. HOT 2
- v2 bind_id HOT 1
- Serialization of 'SensitiveParameterValue' is not allowe HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from phpldapadmin.