Debian Bug report logs - #725507
CVE-2013-4440: trivially weak passwords if no tty

Related Vulnerabilities: CVE-2013-4440, CVE-2013-4442

Package: pwgen; Maintainer for pwgen is Theodore Y. Ts'o <tytso@mit.edu>; Source for pwgen is src:pwgen.

Reported by: Thomas Koch <thomas@koch.ro>

Date: Sun, 6 Oct 2013 17:51:11 UTC

Severity: grave

Tags: patch

Found in version pwgen/2.06-1

Fixed in version pwgen/2.07-1

Done: tytso@mit.edu (Theodore Y. Ts'o)

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, thomas@koch.ro, Theodore Y. Ts'o <tytso@mit.edu>:
Bug#725507; Package pwgen. (Sun, 06 Oct 2013 17:51:15 GMT)


Acknowledgement sent to Thomas Koch <thomas@koch.ro>:
New Bug report received and forwarded. Copy sent to thomas@koch.ro, Theodore Y. Ts'o <tytso@mit.edu>. (Sun, 06 Oct 2013 17:51:15 GMT)


Message #5 received at submit@bugs.debian.org:

From: Thomas Koch <thomas@koch.ro>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: generated passwords have more repetitions than expected
Date: Sun, 06 Oct 2013 19:49:08 +0200
Package: pwgen
Version: 2.06-1+b2
Severity: important


Hi,

I created 813950 passwords with
while true; do pwgen -N 50 >> /tmp/passwords; done

sorted them and looked for duplicates with uniq -c -d. In theory, there are
26^8=2E11 different possible passwords. But in reality, I got many duplicates:

Number of non unique passwords    Number of duplications of one password
34841                             2 times
5636                              3 times
1725                              4 times
895                               5 times
1045                              6 or more times
======
44142

105146 out of 813950 generated passwords were non-unique. This is around 13
percent, or every seventh password. My statistics classes were a few years ago,
but I don't feel comfortable with these numbers.

Regards, Thomas Koch


-- System Information:
Debian Release: 7.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.10-0.bpo.3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages pwgen depends on:
ii  libc6  2.13-38

pwgen recommends no packages.

pwgen suggests no packages.

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Theodore Y. Ts'o <tytso@mit.edu>:
Bug#725507; Package pwgen. (Mon, 27 Oct 2014 15:45:10 GMT)


Acknowledgement sent to Adam Borowski <kilobyte@angband.pl>:
Extra info received and forwarded to list. Copy sent to Theodore Y. Ts'o <tytso@mit.edu>. (Mon, 27 Oct 2014 15:45:10 GMT)


Message #10 received at 725507@bugs.debian.org:

From: Adam Borowski <kilobyte@angband.pl>
To: 725507@bugs.debian.org
Subject: this is CVE-2013-4440
Date: Mon, 27 Oct 2014 16:41:56 +0100
This is CVE-2013-4440, and unlike other CVEs issued for pwgen it's an
actually severe issue.  The problem here is that when !isatty() the default
surprisingly changes to something insecure.

Using the attached program, I empirically estimated the entropy:
length  8, -0A:  22.63 bits
length  8, -nc:  27.86 bits
length  8, -snc: ≈47 bits
length 10, -0A:  26.97 bits
length 10, -nc:  34.05 bits
length 12, -0A:  32.02 bits
length 12, -nc:  40.36 bits

The problem here is, an inconspicuous act of redirecting the output makes
generated passwords really insecure.  It _is_ documented, but a typical
person doesn't read the docs for something that seems obvious.  And dropping
the password quality to something as low as 22 bits of entropy warrants
an RC bug.

-- 
// If you believe in so-called "intellectual property", please immediately
// cease using counterfeit alphabets.  Instead, contact the nearest temple
// of Amon, whose priests will provide you with scribal services for all
// your writing needs, for Reasonable and Non-Discriminatory prices.
[se.cc (text/x-c++src, attachment)]
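The two measurements made in this thread, the duplicate count from message #5 and the empirical entropy estimate from message #10, reproduced as an added example in Python. This is not code from the report, from pwgen, or from the se.cc attachment (which is not reproduced on this page). It assumes a pwgen binary on PATH only for live sampling and otherwise falls back to a constructed SAMPLE list; the estimator it uses, collision (Renyi order-2) entropy computed from the observed collision rate, is this example's own choice of method and not necessarily what se.cc computed.

```python
#!/usr/bin/env python3
"""Added example (not code from the bug report or from pwgen).

Reproduces two checks from Debian bug #725507 on a list of passwords:
  * message #5: how many generated passwords repeat, and how often;
  * message #10: an entropy estimate for the generator from those repeats.

Estimator (an assumption of this example): collision entropy
H2 = -log2 P(two independent draws are equal), with P estimated as
colliding pairs / all pairs in the sample.  H2 never exceeds Shannon
entropy, so a low value is a reliable sign of a weak generator.
"""
import math
import shutil
import subprocess
from collections import Counter

# Constructed sample with known repeats so the functions below can be
# exercised without pwgen installed: 15 lines, 3 distinct repeated values.
SAMPLE = (
    ["aaaaaaaa"] * 2          # one password seen twice
    + ["bbbbbbbb"] * 3        # one seen three times
    + ["cccccccc"] * 7        # one seen seven times ("6 or more" bucket)
    + ["dddddddd", "eeeeeeee", "ffffffff"]  # unique
)


def dup_histogram(passwords):
    """Bucket repeated passwords the way message #5 tabulates them.

    Returns (buckets, non_unique_lines): buckets maps 2, 3, 4, 5 and "6+"
    to the number of *distinct* passwords seen that many times;
    non_unique_lines is how many generated lines belong to a repeated
    password (105146 out of 813950 in the report).
    """
    buckets = {2: 0, 3: 0, 4: 0, 5: 0, "6+": 0}
    non_unique_lines = 0
    for c in Counter(passwords).values():
        if c < 2:
            continue
        buckets[c if c <= 5 else "6+"] += 1
        non_unique_lines += c
    return buckets, non_unique_lines


def collision_entropy_bits(passwords):
    """Collision-entropy estimate in bits, or None if the sample shows no
    collision at all (then only a lower bound near log2(N^2/2) is known)."""
    n = len(passwords)
    if n < 2:
        return None
    colliding = sum(c * (c - 1) // 2 for c in Counter(passwords).values())
    if colliding == 0:
        return None
    return -math.log2(colliding / (n * (n - 1) // 2))


def looks_like_no_tty_default(passwords):
    """Heuristic from message #10: the insecure non-tty default produced
    passwords without digits or capitals (the '-0A' rows).  A sample of
    reasonable size containing neither is consistent with that mode."""
    has_digit = any(ch.isdigit() for pw in passwords for ch in pw)
    has_upper = any(ch.isupper() for pw in passwords for ch in pw)
    return not (has_digit or has_upper)


def sample_pwgen(rounds=200, args=("-N", "50")):
    """Collect passwords from the installed pwgen with stdout piped, which
    is exactly the !isatty(1) condition the report is about.  Returns []
    when pwgen is not installed."""
    if shutil.which("pwgen") is None:
        return []
    out = []
    for _ in range(rounds):
        res = subprocess.run(["pwgen", *args], capture_output=True,
                             text=True, check=True)
        out.extend(res.stdout.split())
    return out


if __name__ == "__main__":
    pws = sample_pwgen() or SAMPLE
    buckets, non_unique = dup_histogram(pws)
    print(f"{len(pws)} passwords, {non_unique} lines non-unique")
    for times, count in buckets.items():
        print(f"  {count:6d} passwords seen {times} times")
    h2 = collision_entropy_bits(pws)
    print("collision entropy:",
          "no collisions in sample" if h2 is None else f"{h2:.2f} bits")
    print("no digits/capitals in sample:", looks_like_no_tty_default(pws))
```

Because subprocess pipes pwgen's stdout, the sampled binary sees a non-tty and takes the default this bug is about; on a pwgen 2.06 build the sample contains neither digits nor capitals, and once it is large enough for repeats to appear the collision estimate lands far below what eight mixed-case alphanumeric characters should give. With the constructed SAMPLE the histogram is {2: 1, 3: 1, 4: 0, 5: 0, "6+": 1} with 12 non-unique lines, and the collision entropy is log2(105/25), about 2.07 bits, which is only meaningful as a demonstration of the arithmetic.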

Information forwarded to debian-bugs-dist@lists.debian.org, Theodore Y. Ts'o <tytso@mit.edu>:
Bug#725507; Package pwgen. (Mon, 27 Oct 2014 18:21:05 GMT)


Acknowledgement sent to Adam Borowski <kilobyte@angband.pl>:
Extra info received and forwarded to list. Copy sent to Theodore Y. Ts'o <tytso@mit.edu>. (Mon, 27 Oct 2014 18:21:05 GMT)


Message #15 received at 725507@bugs.debian.org:

From: Adam Borowski <kilobyte@angband.pl>
To: 725507@bugs.debian.org
Subject: marking this grave
Date: Mon, 27 Oct 2014 19:20:19 +0100
Control: retitle -1 CVE-2013-4440: trivially weak passwords if no tty
Control: severity -1 grave
Control: tags -1 +patch
Control: tags 726578 -patch

As dropping from 27.8 bits of entropy to 22.6 makes passwords trivially
weak, I'm setting this split bug to grave, and attaching a copy of the
patch.

Mere 27 bits are not so hot either so we probably should think about upping
the length too.

-- 
// If you believe in so-called "intellectual property", please immediately
// cease using counterfeit alphabets.  Instead, contact the nearest temple
// of Amon, whose priests will provide you with scribal services for all
// your writing needs, for Reasonable and Non-Discriminatory prices.



Changed Bug title to 'CVE-2013-4440: trivially weak passwords if no tty' from 'generated passwords have more repetitions than expected'. Request was from Adam Borowski <kilobyte@angband.pl> to 725507-submit@bugs.debian.org. (Mon, 27 Oct 2014 18:21:05 GMT)


Severity set to 'grave' from 'important'. Request was from Adam Borowski <kilobyte@angband.pl> to 725507-submit@bugs.debian.org. (Mon, 27 Oct 2014 18:21:06 GMT)


Added tag(s) patch. Request was from Adam Borowski <kilobyte@angband.pl> to 725507-submit@bugs.debian.org. (Mon, 27 Oct 2014 18:21:06 GMT)


Reply sent to tytso@mit.edu (Theodore Y. Ts'o):
You have taken responsibility. (Tue, 28 Oct 2014 04:39:06 GMT)


Notification sent to Thomas Koch <thomas@koch.ro>:
Bug acknowledged by developer. (Tue, 28 Oct 2014 04:39:06 GMT)


Message #26 received at 725507-close@bugs.debian.org:

From: tytso@mit.edu (Theodore Y. Ts'o)
To: 725507-close@bugs.debian.org
Subject: Bug#725507: fixed in pwgen 2.07-1
Date: Tue, 28 Oct 2014 04:34:02 +0000
Source: pwgen
Source-Version: 2.07-1

We believe that the bug you reported is fixed in the latest version of
pwgen, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 725507@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Theodore Y. Ts'o <tytso@mit.edu> (supplier of updated pwgen package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Mon, 27 Oct 2014 23:30:52 -0400
Source: pwgen
Binary: pwgen pwgen-udeb
Architecture: source i386
Version: 2.07-1
Distribution: unstable
Urgency: high
Maintainer: Theodore Y. Ts'o <tytso@mit.edu>
Changed-By: Theodore Y. Ts'o <tytso@mit.edu>
Description:
 pwgen      - Automatic Password generation
 pwgen-udeb - Automatic Password generation (udeb)
Closes: 725507 767008
Changes:
 pwgen (2.07-1) unstable; urgency=high
 .
   * New upstream version
   * Remove backwards compatibility for no-tty mode.  Addresses
     CVE-2013-4440 (Closes: #725507)
   * Fail hard if /dev/urandom and /dev/random are not available.
     Addresses CVE-2013-4442 and Launchpad #1183213 (Closes: #767008)
   * Fix pwgen -B so that it doesn't accidentally generate passwords with
     ambiguous characters after changing the case of some letters.
     Addresses Launchpad Bugs #638418 and #1349863
   * Fix potential portability bug on architectures where unsigned ints
     are not 4 bytes long
   * Update Debian policy compliance to 3.9.6.0
   * Build with Debian hardening using dpkg-buildflags
Checksums-Sha1:
 5349f33b329613c8d29d9a4596d79f9b63d7131b 1676 pwgen_2.07-1.dsc
 51180f9cd5530d79eea18b2443780dec4ec5ea43 53513 pwgen_2.07.orig.tar.gz
 2d79357c1ad54f4e6ea38753ad09698651e76037 5240 pwgen_2.07-1.debian.tar.xz
 7fc60ae6ce736fd0f09bbd6c42d204d59e59e78d 16030 pwgen_2.07-1_i386.deb
 35212b633a183199aad89dfebf2eb4b3054074e9 9414 pwgen-udeb_2.07-1_i386.udeb
Checksums-Sha256:
 4994f1bd2d7165e8d4258fceec92e421765284909d3ec795673697d44278f2c0 1676 pwgen_2.07-1.dsc
 eb74593f58296c21c71cd07933e070492e9222b79cedf81d1a02ce09c0e11556 53513 pwgen_2.07.orig.tar.gz
 86226155068172fdbfb7d90a303f3eeeee94612c46a2d80521b1474dafeb7e46 5240 pwgen_2.07-1.debian.tar.xz
 8e05679e05088e0b1852288187303fbcd4b9293bc3c2d172c5fd9e83b7af0f7c 16030 pwgen_2.07-1_i386.deb
 37e65a199149b0c79e2f47271ae30d450dfe7101b73a9cb7a91b5746cb0f9515 9414 pwgen-udeb_2.07-1_i386.udeb
Files:
 597d10318b3d0d8e6c5d559a7b9172e1 1676 admin optional pwgen_2.07-1.dsc
 910b1008cdd86445e9e01305d21ee4c5 53513 admin optional pwgen_2.07.orig.tar.gz
 7ac0998d6c01fa602622d097f88517f7 5240 admin optional pwgen_2.07-1.debian.tar.xz
 e97a0fc4f480ccf9c074ffc6a9a9c994 16030 admin optional pwgen_2.07-1_i386.deb
 838e91790a3d47f967c78d7b136f7ec2 9414 debian-installer optional pwgen-udeb_2.07-1_i386.udeb
Package-Type: udeb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 May 2015 07:28:59 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:51:41 2019; Machine Name: buxtehude
