
Sophos UTM 9 Password Storage

Hi there,

While using the API, I figured out that passwords for internal users are stored as MD4 hashes.

According to Wikipedia: "As of 2007, an attack can generate collisions in less than 2 MD4 hash operations" [1]. That was 10 years ago...

Is there any possibility to change the hash algorithm to something useful / secure?

I know that I can use alternative authentication backends, but that's explicitly not what I want.

Thanks in advance.

Best,

Alk

[1] en.wikipedia.org/.../MD4



  • Hi,

    There are currently no plans to change the hash algorithm, as an attacker would need to be a privileged admin on the UTM in the first place.

    - Karlos

    Community Support Engineer

    Karlos
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
  • I'm sorry, but that's not a very good argument.

    First of all, if it didn't matter, why not simply store the passwords plaintext? I'm sure I don't need to explain why that's a bad idea.

    Also, we all know that users like to reuse passwords. So, let's assume a system that has to automatically create networks and users on the firewall. For this, it requires an API key (with admin privileges, because of the user creation).

    If this system is compromised, the adversary can (obviously) modify arbitrary settings in the firewall and gain access to other parts of the network, which is bad enough.

    But instead of telling your customers "Hey, we messed up and an attacker temporarily gained access to some parts of the network (s)he wasn't supposed to.", it's "Hey, we messed up and an attacker temporarily gained access to some parts of the network (s)he wasn't supposed to. Also, all passwords were stolen and if your users aren't very security-minded people, all your confidential business information that was stored in mails etc. has now been stolen.". Alternatively, the passwords may be used to gain further access to (now accessible) systems.

    Also, all passwords are unsalted (not that it matters when using MD4).

    I'm asking you to seriously reconsider this decision.

  • Hi,

    We understand your concern. The best thing for you to do is to submit a feature request here

    Our product team will take a look. Thanks Alk.

    - Karlos

  • Hi,

    done, see https://ideas.sophos.com/forums/17359-sg-utm/suggestions/31262554-secure-up-to-date-password-storage-for-internal

    It feels kind of sad that basic security best practices have to be requested as "features" though... I hope the product team will act upon this issue.

    Thanks for your support.

    Alk

  • Hello Alk,

    Are these only local passwords that are stored this way, or is there also some caching of passwords of backend systems involved?

    I discovered recently that when switching on debug mode, all passwords (firewall and backend systems) are printed to the logfiles in cleartext. This can easily be switched on with a one-liner by all administrators. Sophos support did not mention it to my colleague when he began troubleshooting with them. I discovered it after the ticket processing was very slow and I decided to have a look at the logfiles on my own.

    Best regards,

    Bernd

  • Good question.

    As far as I can tell from the API, the passwords are not cached for remote users. (The md4hash property is empty).

    However, if you use a remote authentication backend, you have to add an account to authenticate with.

    The credentials for this account are stored in plaintext (!) and can be accessed via the API.

  • Hi, Alk, and welcome to the UTM Community!

    My company has been installing this software since 2003.  As you can tell, I've been an active participant here for over 10 years.  During that time, I've probably read every post related to the UTM.  No such situation has occurred that was reported here.

    Up until Sophos bought Astaro, this venue rarely saw Astaro employees and there was no attempt by Astaro to remove such reports.  I'm not saying that Sophos does, just that we would have known sometime before 2013.

    That said, there are several things an experienced installer does to minimize the attack surface.  First, limit access to WebAdmin to a few IPs.  You also can use two-factor auth.  I like to add a remote access account and then include "MyUserName (User Network)" as a different kind of two-factor auth.  I also recommend only allowing one person to know the admin credentials, and it's not me!  The admin user should always be the backup for getting in when the primary admin's account doesn't authenticate.  Similarly, I always configure root access by RSA key, and the "(User Network)" trick also works there for two-factor auth.

    I could go on, but suffice to say that the exposure should be virtually non-existent for a site configured correctly.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • BUMP...

    Is UTM9 still using MD4?

  • Hey Barry - glad to see you back!

    Indeed:

    secure:/home # cc get_object REF_AaaUseMyUser|grep hash
                          'md4hash' => 'xxxxxxxxxxxxxxxXXXXXXXXXXXXXXXXX',

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
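The two complaints in this thread (the stored value is a bare MD4 digest, and it is unsalted) can be shown side by side with a per-user salted, iterated scheme. The following is an added example written for this page, not code from the thread, from the UTM or from Sophos. It assumes the password is hashed as UTF-8 bytes (the thread does not say how the UTM encodes it), and the MD4 routine is a from-scratch RFC 1320 implementation included only so the example runs without OpenSSL's legacy provider; PBKDF2-SHA256 from the standard library stands in for "something useful / secure".

```python
import os
import hmac
import hashlib
import struct

MASK = 0xFFFFFFFF


def _rotl(x, s):
    return ((x << s) | (x >> (32 - s))) & MASK


def _md4_block(state, block):
    """One MD4 compression over a 64-byte block (RFC 1320, pure Python)."""
    X = struct.unpack("<16I", block)
    a, b, c, d = state
    # Round 1: F(x,y,z) = (x & y) | (~x & z); message words in order
    for i in range(16):
        f = (b & c) | (~b & d)
        a = _rotl((a + f + X[i]) & MASK, (3, 7, 11, 19)[i % 4])
        a, b, c, d = d, a, b, c
    # Round 2: G = majority; words in column order 0,4,8,12,1,5,...
    for i in range(16):
        g = (b & c) | (b & d) | (c & d)
        k = (i % 4) * 4 + i // 4
        a = _rotl((a + g + X[k] + 0x5A827999) & MASK, (3, 5, 9, 13)[i % 4])
        a, b, c, d = d, a, b, c
    # Round 3: H = xor; words in bit-reversed order
    order3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for i in range(16):
        h = b ^ c ^ d
        a = _rotl((a + h + X[order3[i]] + 0x6ED9EBA1) & MASK, (3, 9, 11, 15)[i % 4])
        a, b, c, d = d, a, b, c
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d)))


def md4(data: bytes) -> bytes:
    """MD4 digest: pad to 56 mod 64, append the 64-bit LE bit length, compress."""
    bit_len = len(data) * 8
    data += b"\x80"
    data += b"\x00" * ((56 - len(data) % 64) % 64)
    data += struct.pack("<Q", bit_len)
    state = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
    for off in range(0, len(data), 64):
        state = _md4_block(state, data[off:off + 64])
    return struct.pack("<4I", *state)


def store_unsalted_md4(password: str) -> str:
    """Mimics a bare 'md4hash' record: deterministic, no salt, no work factor.
    UTF-8 encoding of the password is an assumption, not something the thread states."""
    return md4(password.encode("utf-8")).hex()


def store_salted_pbkdf2(password: str, salt: bytes = None, iterations: int = 600_000) -> dict:
    """Salted, iterated alternative: a fresh 16-byte salt per record, so two users
    with the same password (and any precomputed table) no longer share a value."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"alg": "pbkdf2-sha256", "iter": iterations, "salt": salt.hex(), "hash": dk.hex()}


def verify_pbkdf2(password: str, record: dict) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(record["salt"]), record["iter"])
    return hmac.compare_digest(dk.hex(), record["hash"])


def same_hash_for_same_password(scheme, pw: str = "Winter2017!") -> bool:
    """True when two accounts sharing a password get identical stored values:
    the property that lets one leaked value be matched against every account."""
    return scheme(pw) == scheme(pw)


if __name__ == "__main__":
    # Constructed sample: two internal users who picked the same password.
    print("md4 (unsalted), same for both users:", same_hash_for_same_password(store_unsalted_md4))
    print("pbkdf2 (salted), same for both users:", same_hash_for_same_password(store_salted_pbkdf2))
    rec = store_salted_pbkdf2("Winter2017!")
    print("verify correct password:", verify_pbkdf2("Winter2017!", rec))
    print("verify wrong password:", verify_pbkdf2("winter2017!", rec))
```

The point of the `same_hash_for_same_password` check is the one Alk makes: with an unsalted digest, every account that reuses a password shares one stored value, so a single API dump of `md4hash` fields collapses to a lookup problem, whereas a salted, iterated record has to be attacked one account at a time and at the chosen work factor.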
  • Guys,

    with the latest XG vulnerability we can see that a zero-day can indeed be used / a vulnerability can occur, making it possible to extract/steal these hashes. It is only luck that this has not yet happened with a UTM; this can happen to ANY system. So IMHO this should be changed ASAP. MD4 should be considered absolutely out of the question.

    Thanks,

    Joerg