Password data leakage when using external authentication
Closed, Resolved (Public)

Description

MediaWiki stores passwords in the local database under a number of circumstances. Auth plugins were taking steps to avoid this, but there are a number of ways in which core makes it impossible.

AuthPlugin should have a method that tells core whether it should or should not store the password locally.


Version: 1.19.1
Severity: normal

bzimport added a subscriber: wikibugs-l.
bzimport set Reference to bz39184.
RyanLane created this task. Via Legacy, Aug 9 2012, 12:40 AM
RyanLane added a comment. Via Conduit, Aug 9 2012, 12:45 AM

Patch to fix the issue in core.

Attached: fix_dataleakage.patch

RyanLane added a comment. Via Conduit, Aug 31 2012, 1:31 AM

If your MediaWiki installation doesn't allow local authentication, and only allows external authentication, then you should purge all passwords from your MediaWiki database:

UPDATE user SET user_password='';

If your installation has a mix of users that use local authentication and external authentication, you should purge the user_password field for the external users, but not for the local users. Unfortunately, there's no easy way to tell which users are external and which are local; you'll need to determine that yourself.
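
As an added illustration of the purge procedure described in this comment (example code, not part of the original task or of MediaWiki itself), the following Python script models a simplified `user` table in SQLite, blanks `user_password` for every account that is not on an operator-supplied list of local accounts, and reports which accounts still hold a hash afterwards. The table layout, user names and hash strings are constructed for the example; a real installation has many more columns and the list of local users must come from the operator's own records, since the task notes MediaWiki cannot tell the two kinds of account apart.

```python
import sqlite3

# Constructed, simplified stand-in for MediaWiki's `user` table; only the
# columns relevant to the purge are modelled. Hash values are placeholders.
SAMPLE_USERS = [
    (1, "Alice", ":B:salt1:hash-alice"),  # local account, must keep its hash
    (2, "Bob", ":B:salt2:hash-bob"),      # external account, hash must go
    (3, "Carol", ""),                     # external account, already empty
]


def open_sample_db():
    """Create an in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (user_id INTEGER PRIMARY KEY,"
        " user_name TEXT, user_password TEXT)"
    )
    conn.executemany("INSERT INTO user VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def purge_external_passwords(conn, local_users):
    """Blank user_password for every account NOT in local_users.

    An empty local_users list reproduces the external-only case from the
    comment (UPDATE user SET user_password=''), clearing every stored hash.
    Returns the number of rows actually changed, so an operator can compare
    it with the expected number of external accounts holding a hash.
    """
    if local_users:
        placeholders = ",".join("?" * len(local_users))
        where = f"user_name NOT IN ({placeholders})"
    else:
        where = "1=1"  # no local accounts: purge everything
    sql = f"UPDATE user SET user_password='' WHERE user_password <> '' AND {where}"
    cur = conn.execute(sql, list(local_users))
    conn.commit()
    return cur.rowcount


def users_with_stored_password(conn):
    """Post-purge check: names of accounts that still carry a password hash."""
    rows = conn.execute(
        "SELECT user_name FROM user WHERE user_password <> '' ORDER BY user_id"
    )
    return [name for (name,) in rows]
```

Run the check before and after the purge: any name returned after purging that is not on the local list means an external account still has a password stored in the local database.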

hashar added a comment. Via Conduit, Aug 31 2012, 8:29 AM

Unhiding patch since it got released publicly.

csteipp added a project: Security. Via Web, Thu, Mar 26, 8:39 PM
