Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    SOLVED Secure LDAP?

    Support
    security ldap
    3
    6
    87
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      will last edited by girish

      Guys,
      I noticed while fooling around in nextcloud that it is using LDAP as opposed to LDAPS to connect to cloudron LDAP. This means that requests and creds are sent in plain text. Now somebody would have to be on the container network to sniff these, but still a big no no. (I once had my enterprise admin credentials exposed on a webex because my boss used LDAP instead of LDAPS and was reviewing a PCAP live.)

      1 Reply Last reply Reply Quote 0
      • nebulon
        nebulon Staff last edited by

        As you said this is only happening within the server local container network. If a person has access to that, that person has numerous ways to get a user's password. For example just adding a console.log() in the code which validates the password. I don't really see how the security is improved by making the local connection using locally available certificates.

        1 Reply Last reply Reply Quote 1
        • girish
          girish Staff last edited by girish

          I have pondered adding CapDrop NET_RAW in the past to all our containers but this will break some tools like ping. But the real reason I haven't added it is that because as @nebulon said, if user gets access to container network, then all is lost already. This is why in our previous release, we started making sure that apps that use the docker addon can can only be installed by owner privileges (i.e a user who already has ssh access).

          One attack I can think of is if the app container image is itself compromised. Atleast, right now, all app images are personally tested by us and we only install upstream apt packages and we don't allow 3rd party packagers. So, maybe dropping NET_RAW is worth it for future proofing. AFAIK, this won't break anything.

          1 Reply Last reply Reply Quote 2
          • girish
            girish Staff last edited by

            @will Just wanted to follow up on this. I did end up removing NET_RAW caps from the app containers in 5.2. So, containers cannot sniff each other's traffic anymore.

            W 1 Reply Last reply Reply Quote 3
            • W
              will @girish last edited by

              @girish Thanks, might be paranoid, but the little things add up.

              1 Reply Last reply Reply Quote 1
              • girish
                girish Staff last edited by girish

                I think there's a genuine case in the future where if we introduce per-app admins, then app admin can access terminal of one app to see traffic (and sniff ldap/db creds) of another app. I think it's an excellent suggestion to remove it!

                1 Reply Last reply Reply Quote 1
                • First post
                  Last post