Re: Different behaviour of storing plaintext passwords under Unix - svn log differes from svn co/up

On 21.11.2014 16:05, Schulz, Gunther wrote:
>
> - strangely I was asked if I want to store the hostkey
> certificate which worked seemlessly
>

The server certificate does not contain any passwords or private keys,
and anyone can download it simply by creating an SSL connection to your
server (with 'openssl s_client', for example). So it's not considered
insecure to store that on disk, unencrypted.

There is a possible attack vector through that: Since Subversion was
told to trust the stored certificate, one can imagine a situation where
an attacker (a) subverts IP routing and/or DNS to redirect your
connections to their own server, with a different certificate; (b)
breaks in to your, and (c) every other, client machine to change their
stored server certs. However, at least (c) unlikely.

OTOH, since "unlikely" is not the same as "can't happen", we should
perhaps consider not storing the server cert, too, if plaintext password
storage is disabled.

-- Brane

P.S.: Compare the above scenario with the far more simple and likely one
where the attacker breaks into your server and steals it wholesale,
including the server's private key.
Received on 2014-11-22 08:39:04 CET