"Fossies" - the Fresh Open Source Software Archive

Member "ldap-account-manager-7.1/docs/manual/apbs05.html" (17 Mar 2020, 2158 Bytes) of package /linux/www/ldap-account-manager-7.1.tar.bz2:



Chrooted servers

If your server is chrooted and has no access to /dev/random or /dev/urandom, this can be a security risk. LAM stores your LDAP password encrypted in the session. If neither /dev/random nor /dev/urandom is accessible, LAM falls back to rand() to generate the encryption key, so the key can be easily guessed. To exploit this, an attacker needs read access to the session file (e.g. via another Apache instance).
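One way to verify that a chroot does not trigger this fallback is the following added example (not part of the LAM manual or code base). The function names are hypothetical, and the chroot path is whatever you pass as the first argument. The check runs from outside the chroot, so run it as the web server user to get meaningful permission results.

```sh
#!/bin/sh
# Added example: check whether a chroot exposes a usable kernel random device.
# Usage: sh check_rng.sh /path/to/chroot   (script name and path are assumptions)

# Return 0 if the path is a readable character device that yields 16 bytes.
rng_device_usable() {
    dev=$1
    [ -c "$dev" ] || return 1   # a regular file copied into dev/ does not count
    [ -r "$dev" ] || return 1   # must be readable by the current user
    n=$(dd if="$dev" bs=16 count=1 2>/dev/null | wc -c | tr -d ' ')
    [ "$n" -eq 16 ]
}

# Return 0 if at least one of dev/urandom or dev/random under the chroot
# is usable. urandom is tried first because reading random may block on
# older kernels.
check_chroot_rng() {
    root=${1%/}
    for name in urandom random; do
        if rng_device_usable "$root/dev/$name"; then
            echo "OK: $root/dev/$name is usable"
            return 0
        fi
    done
    echo "WARNING: no usable /dev/urandom or /dev/random under ${root:-/};" \
         "LAM would fall back to rand() for the session key" >&2
    return 1
}

# Run the check only when a chroot path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_chroot_rng "$1"
fi
```

A non-zero exit status means the chroot needs a proper device node for at least one of the two devices before LAM is used inside it.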