[Ffmpeg-devel] SVN challenge response authentication weaknesses

Diego Biurrun diego
Sat May 27 14:16:38 CEST 2006

On Sat, May 27, 2006 at 12:57:35PM +0200, Michael Niedermayer wrote:
> 1. passwords are stored in plaintext on the server this means everyone
> who has root or can get his hands on the servers harddisk knows your password
> -> dont reuse any important password

Yes.  Of course all the roots can tamper with the repository in any way
they like anyway...

> 2. someone who can listen to network traffic can get salt + md5 pairs
>    with which he can perform a offline bruteforce attack (never use weak
>    passwords)

I've made sure that the passwords are not weak :)

> 3. someone who can listen to network traffic and can inject packets
>    can hijack your connection and possibly inject some changes iam not
>    sure how easy this is in practice the problem is the connection will
>    get reset unless the client is kept from participating (by DOS or so)

I'm not sure how practical this is.  The diff sent out with the commit
notification will not be what you committed and later changes might
cause surprising conflicts.  Slipping something in unnoticed will be
quite hard IMO.

> 4. someone who can listen and modify network traffic will trivially
>    be able to do anything he wants after authentication

Just on the repository, there are no system accounts and the daemon runs
as a separate unprivileged user.


More information about the ffmpeg-devel mailing list