Opened 14 years ago
Closed 13 years ago
#954 closed defect (fixed)
OSCam Login Password Bug - Access with every password of same length as original password
| Reported by: | scooter4096 | Owned by: | schlocke |
|---|---|---|---|
| Priority: | critical | Component: | Protocol - CCCam |
| Severity: | high | Keywords: | |
| Cc: | | Sensitive: | no |
Description
Sorry if this issue is already fixed - don't have the possibility to check this atm.
Couldn't find it in the timeline...
Scenario:
I have OSCAM 0.99.4svn build #2901 on my Dreambox dm800. As mentioned in the title, a client gets access if he knows the login name and the length of the password... It seems as if every character is allowed.
If he enters a password not equal to the length of the real password, my server logs this:
2010/09/29 19:19:19 24098 s client(7) connect from 91.67.135.xxx (pid=7052, pipfd=24)
2010/09/29 19:19:19 7052 c07 encrypted cccam-client 91.67.135.xxx granted (User15, au=0)
2010/09/29 19:19:19 7052 c07 cccam(s) User15: message too big (size=52505)
2010/09/29 19:19:19 7052 c07 cccam(s) User15: client (0000000000000000) running v ()
2010/09/29 19:19:19 7052 c07 cccam(s) User15: version: 2.1.1, build: 2971 nodeid: 0000000000000000
2010/09/29 19:19:19 7052 c07 cccam(s) User15: reported 3 cards to client
2010/09/29 19:19:19 7052 c07 cccam(s) User15: message too big (size=20246)
2010/09/29 19:19:19 7052 c07 cccam(s) User15: connection closed to client
2010/09/29 19:19:19 7052 c07 User15 disconnected from 91.67.135.xxx
and the sun doesn't shine for him.
Again sorry if this is already fixed...
cheers
Change History (7)
comment:1 by , 14 years ago
comment:4 by , 13 years ago
Owner: | set to |
---|
comment:5 by , 13 years ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
The user doesn't get access!
cccam never transfers passwords; instead the password becomes part of the data encryption of the transferred data.
So the user can first connect, but then can't transfer any data and we get such a "message too big" message. Data after a wrong password is never transmitted in readable form. This is a limitation of the cccam protocol and can't be changed.
comment:6 by , 13 years ago
Resolution: | wontfix |
---|---|
Status: | closed → reopened |
As far as I can say, scooter4096 is correct with his problem description. If the password LENGTH differs, "message too big" will be shown and access to the cards will be denied (at least CCcam will not be able to descramble but it will "see" which cards I have). At least my cccam client was able to get one ecm handled before being disconnected too.
If the length of the password is correct but the password itself is incorrect, e.g. "abcd" instead of "blah", the cccam client will gain access and can get its ecms handled.
Tried this with oscam 1,0 build 4335 (amd64) and cccam 2.2.1 (ppc).
This is a serious security issue as a client who has a correct username will be able to guess the password easily.
Also I think a cccam client who has a wrong password should not be able to get the cards advertised anyway.
comment:7 by , 13 years ago
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
I think this is already fixed, please try with versions > 4600
Same with version 1.0 svn 3190!
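
Added example, not OSCam or CCcam code and not part of the ticket: a toy model of the design described in comment 5 (the password is never sent, it only keys the stream encryption) and of the check asked for in comment 6 (no grant and no card list for a wrong password). The SHA-256 counter keystream, the `TOKEN` constant, the frame layout and all function names are assumptions made for illustration; they are not the CCcam wire format.

```python
import hashlib
import hmac

TOKEN = b"key-confirm"  # constructed known plaintext, not a CCcam constant
MAX_MSG = 1024          # constructed size limit for this toy framing


def keystream(password: bytes, n: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode, keyed only by the password."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(password + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def xor_crypt(password: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR is symmetric) with the password-derived stream."""
    return bytes(a ^ b for a, b in zip(data, keystream(password, len(data))))


def client_hello(password: bytes, payload: bytes) -> bytes:
    """Client frame: TOKEN | 4-byte length | payload, all encrypted."""
    frame = TOKEN + len(payload).to_bytes(4, "big") + payload
    return xor_crypt(password, frame)


def server_naive(stored_pw: bytes, wire: bytes) -> str:
    """Grants first; a wrong key only shows up later as a broken length field."""
    plain = xor_crypt(stored_pw, wire)
    size = int.from_bytes(plain[len(TOKEN):len(TOKEN) + 4], "big")
    if size > MAX_MSG:
        return "granted, then: message too big (size=%d)" % size
    return "granted"


def server_checked(stored_pw: bytes, wire: bytes) -> str:
    """Confirms the key on the known token before granting or advertising."""
    plain = xor_crypt(stored_pw, wire)
    if not hmac.compare_digest(plain[:len(TOKEN)], TOKEN):
        return "rejected"
    size = int.from_bytes(plain[len(TOKEN):len(TOKEN) + 4], "big")
    return "granted" if size <= MAX_MSG else "rejected"
```

A regression test for this ticket should cover both cases from the thread: a wrong password of a different length and a wrong password of the same length as the stored one.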