Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Webmeeting login with password containing special character '<' not possible

    Kopano Meet & WebMeetings
    password login meet konnect
    3
    5
    282
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • cguenther
      cguenther last edited by cguenther

      I am running the kopano docker stack from: https://github.com/zokradonh/kopano-docker
      @fbartels Thanks for your great work there enabling this docker stack!

      I have a user in the docker-compose deployed ldap with a password containing the < special character. The user can correctly login to all services connected to the ldap, including the kopano webapp. As soon as i want to login with this user in mykopano.domain.tld/meet, i get the following error form the kopano_konnect_1 service:

      level=error msg="identifier failed to logon with backend" error="kc identifier backend logon error: failed to read from unix socket: read unix @->/var/run/kopano/server.sock: i/o timeout"

      Resetting the password one without this special character, seems to be a workaround. Nevertheless, this might indicate to a problem of not proper escaping of the password, hinting on a potential security risk.

      best,
      Christian

      update
      Some additional version info of the used kopano stack from the central .env file:

      CORE_VERSION=8.7.81.88
WEBAPP_VERSION=3.5.7.2298
ZPUSH_VERSION=2.5.0
KONNECT_VERSION=0.23.4
KWM_VERSION=0.15.3
MEET_VERSION=0.20.0_0
KDAV_VERSION=latest
      fbartels longsleep 2 Replies Last reply Reply Quote 0
      • fbartels
        fbartels Kopano @cguenther last edited by fbartels

        @cguenther said in Webmeeting login with password containing special character '<' not possible:

        Nevertheless, this might indicate to a problem of not proper escaping of the password, hinting on a potential security risk.

        If you think this is a security issue, then you should really think about responsible disclosure before posting messages on public forums ;-)

        I gave this a quick try by setting the password of the “user1” user to <test and was able to login, though.

        edit: retried with the version info you added to your update and see a soap failure in that case:

        kopano_konnect_1         | SOAP --- response 500 start ---
kopano_konnect_1         | <?xml version="1.0" encoding="UTF-8"?>
kopano_konnect_1         | <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xop="http://www.w3.org/2004/08/xop/include" xmlns:xmlmime="http://www.w3.org/2004/11/xmlmime" xmlns:ns="urn:zarafa"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode><faultstring>Error -2147221245</faultstring></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
kopano_konnect_1         |
kopano_konnect_1         | SOAP --- response end  ---
kopano_konnect_1         | SOAP --- response 500 start ---
kopano_konnect_1         | <?xml version="1.0" encoding="UTF-8"?>
kopano_konnect_1         | <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xop="http://www.w3.org/2004/08/xop/include" xmlns:xmlmime="http://www.w3.org/2004/11/xmlmime" xmlns:ns="urn:zarafa"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode><faultstring>Error -2147221245</faultstring></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
kopano_konnect_1         |
kopano_konnect_1         | SOAP --- response end  ---
kopano_konnect_1         | time="2019-06-07T09:01:06Z" level=error msg="identifier failed to logon with backend" error="kc identifier backend logon error: failed to read from unix socket: read unix @->/var/run/kopano/server.sock: i/o timeout"

        Will have a closer look, but I don’t think this is security relevant.

        Regards Felix

        Resources:
        https://kopano.com/blog/how-to-get-kopano/
        https://documentation.kopano.io/
        https://kb.kopano.io/

        Support overview:
        https://kopano.com/support/

        1 Reply Last reply Reply Quote 0
        • cguenther
          cguenther last edited by

          @fbartels said in Webmeeting login with password containing special character '<' not possible:

          If you think this is a security issue, then you should really think about responsible disclosure before posting messages on public forums ;-)

          Oh sorry, you are totally right. Is there a way to message you / kopano in a non-public way for such a case?

          Neverthless, like always:
          Thanks for the reproduction and fast feedback :)

          fbartels 1 Reply Last reply Reply Quote 0
          • fbartels
            fbartels Kopano @cguenther last edited by

            @cguenther said in Webmeeting login with password containing special character '<' not possible:

            Is there a way to message you / kopano in a non-public way for such a case?

            Customers of ours can always get in contact with our support. Alternatively we are also always publishing the feedback at kopano dot io email in our announcements.

            If you think you have something critical and want to report privately you can also message security at kopano dot io to exchange keys for encrypting information.

            Regards Felix

            Resources:
            https://kopano.com/blog/how-to-get-kopano/
            https://documentation.kopano.io/
            https://kb.kopano.io/

            Support overview:
            https://kopano.com/support/

            1 Reply Last reply Reply Quote 0
            • longsleep
              longsleep Kopano @cguenther last edited by

              @cguenther said in Webmeeting login with password containing special character '<' not possible:

              Resetting the password one without this special character, seems to be a workaround. Nevertheless, this might indicate to a problem of not proper escaping of the password

              Seems that i missed to merge one of my branches and then forgot about it. The underlaying issue is fixed in kcc-go 4.0.0 which will be part of the next Konnect release - both master branches have been updated accordingly.

              Thanks for reporting!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post