Investigate brute-force attacks against all exozyme services #104
Reference: exozyme/exozyme#104
No description provided.
This is a generalized version of #61. Basically, we need to check all of our services for their resistance to brute-force attacks, and possibly implement more mitigations. (exoffice, exopages, and exovpn are excluded) `su` might be a good idea too.

OpenLDAP seems very vulnerable to brute-force attacks. 👀 Attackers can brute-force about one password every 5 ms. OpenLDAP has a `ppolicy` module for configuring password policies, but it seems very difficult to use. (just like every other OpenLDAP feature)

OpenLDAP is too freaking complicated. Labelling as wontfix so we don't waste more time. Strong passwords should partially prevent brute-force attacks, and if someone is really trying thousands of passwords in a brute-force manner, it'll be pretty clear in the system logs.