7657 – MD5 is considered unsecure and shouldn't be used

Bug 7657 - MD5 is considered unsecure and shouldn't be used

Summary: MD5 is considered unsecure and shouldn't be used

Status:	NEW

Alias:	None

Product:	ThinLinc
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	trunk
Hardware:	PC Unknown

Importance:	P2 Normal
Target Milestone:	LowPrio
Assignee:	Bugzilla mail exporter

URL:
Keywords:

Depends on:	7639
Blocks:
	Show dependency tree / graph

Reported:	2021-03-08 23:19 CET by Aaron Sowry
Modified:	2022-10-04 08:43 CEST (History)
CC List:	3 users (show)

See Also:	7809 7810
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Aaron Sowry cendio

2021-03-08 23:19:31 CET

Certain security standards (notably FIPS 140-2) forbid the use of MD5, even for non-sensitive operations like checksum. ThinLinc makes use of MD5 in at least one location (presenting the server host key fingerprint), which means it cannot be used by customers who require the FIPS certification.

This bug is about finding where MD5 is used in ThinLinc, and determining whether we can use something else like SHA-256 instead.

Comment 1 Aaron Sowry cendio

2021-12-08 22:14:08 CET

Worth noting that as of Python 3.9, hashlib supports a "usedForSecurity" flag. 

MD5 invocations with this flag set to "False" will not cause FIPS verification to fail, since the standard allows MD5 if it is not being used for security purposes.

Comment 3 Pierre Ossman cendio

2021-12-15 15:37:48 CET

Two areas discovered where we use MD5:

 * Computing signatures for the SSH host keys. Done by the agent and sent to the client. Not used by current clients, but unsure if older clients need this.

 * Used in generating the mcookie for Xvnc

Comment 4 Pierre Ossman cendio

2021-12-17 15:00:07 CET

(In reply to Pierre Ossman from comment #3)
> Two areas discovered where we use MD5:
> 

For reference, this are the errors you see:

>  * Computing signatures for the SSH host keys. Done by the agent and sent to
> the client. Not used by current clients, but unsure if older clients need
> this.
> 

In vsmagent.log:

> 2021-12-16 16:57:40 WARNING vsmagent: Error parsing SSH key: 127.0.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDwt3T8mwEitzpxeW9zaWcZ09T4Ug9VdtZdYM1F02lDJ5QIKmUYGtuRl90Epo1b8HuOzCY6XxgJuUDJgbEl3oXFDcxBIcWYu/pVA/IuG/lykaoA/u3s3QBbpgZ3L7z5It5bt+4y5VzTBjzPFTVJmGhJ+Xo6EZS68TZFws0PqSSYhBMeIc3617LlrDHMzVYFIspaXUeUHXj93LRxUjrDqVRanjBL0Ey217+625CkWEQlfzbe6/InaZ5Fc5AqYBPIQx8fqhsRBZf8nFhF7ZQHyUTkSKB9F4yq+aHfYw1hj5QYMpmwvna4jMsybFV86tNn7Ogg3uafXGrTrgTxXjBsf+jr
> 2021-12-16 16:57:40 WARNING vsmagent: Error parsing SSH key: 127.0.0.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMt3xd2SaE3oryCkJzFbxTwjiT7cqQo3Lhpd3++9hDCYh9Jab/qPYLlwSXjJH1Pg5BP3rjw0u5o0g5rPDCOYnCM=

>  * Used in generating the mcookie for Xvnc

Also in vsmagent.log:

> 2021-12-17 13:06:26 ERROR vsmagent: Unhandled XMLRPC exception: <class 'ValueError'> [digital envelope r
> outines: EVP_DigestInit_ex] disabled for FIPS Traceback (most recent call last):
>   File "/opt/thinlinc/modules/thinlinc/vsm/asyncbase.py", line 104, in ooOOOoOO0
>     obj . handle_read_event ( )
>   File "/usr/lib64/python3.6/asyncore.py", line 423, in handle_read_event
>     self.handle_read()
>   File "/usr/lib64/python3.6/asynchat.py", line 151, in handle_read
>     self.found_terminator()
>   File "/opt/thinlinc/modules/thinlinc/vsm/xmlrpc.py", line 555, in found_terminator
>     self . handle_request ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/xmlrpc.py", line 569, in handle_request
>     self . handle_method ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/vsmagentchannel.py", line 120, in handle_method
>     self . params )
>   File "/opt/thinlinc/modules/thinlinc/vsm/handler_reqsession.py", line 50, in handle
>     self . check_old_client ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/handler_reqsession.py", line 62, in check_old_client
>     self . check_valid_user ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/handler_reqsession.py", line 69, in check_valid_user
>     self . setup_session_info ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/handler_reqsession.py", line 95, in setup_session_info
>     self . find_free_display ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/handler_reqsession.py", line 177, in find_free_display
>     self . find_free_display ( socket_status = SOCKET_NOT_INUSE )
>   File "/opt/thinlinc/modules/thinlinc/vsm/handler_reqsession.py", line 138, in find_free_display
>     self . set_sessionkey ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/handler_reqsession.py", line 201, in set_sessionkey
>     self . set_vncpassword ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/handler_reqsession.py", line 243, in set_vncpassword
>     self . correct_system_sockets ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/handler_reqsession.py", line 306, in correct_system_sockets
>     self . check_homedir ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/handler_reqsession.py", line 347, in check_homedir
>     self . start_session ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/handler_reqsession.py", line 352, in start_session
>     II1 = oO00 . start ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/sessionstart.py", line 40, in start
>     self . create_session_env ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/sessionstart.py", line 72, in create_session_env
>     self . session_env [ "TLSESSIONMCOOKIE" ] = self . mcookie ( )
>   File "/opt/thinlinc/modules/thinlinc/vsm/sessionstart.py", line 122, in mcookie
>     Oo0O0o0oO000 = hashlib . md5 ( )
> ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS

Comment 7 Pierre Ossman cendio

2022-05-23 15:59:13 CEST

(In reply to Pierre Ossman from comment #3)
> Two areas discovered where we use MD5:
> 
>  * Computing signatures for the SSH host keys. Done by the agent and sent to
> the client. Not used by current clients, but unsure if older clients need
> this.
> 

They do. Any client older than 4.1.0 will need an exact match of the fingerprint, compared to what the client's ssh produces. This was changed in bug 4557 where we check the entire key instead.

So removing MD5 here would effectively drop support for clients older than 4.1.0.

(If that is done, when we should probably have some dummy information instead of the fingerprint. It looks like the client will crash and burn if this field is missing, rather than present an error message.)

Comment 8 Ken Bass 2022-06-23 21:02:17 CEST

Is there a workaround for this bug?

I was forced to upgrade from Centos 7 to RHEL8 w/ fips enabled. I am trying to use the latest server 4.14 and latest client 4.14. I have no need for support clients older than 4.1.0.

Trying to connect on a fresh install yields same backtrack reported above in Comment #4.

Comment 9 Pierre Ossman cendio

2022-06-27 08:33:58 CEST

No, I'm afraid we are not aware of any workaround for this right now.

Comment 10 Ken Bass 2022-06-27 17:59:54 CEST

I hand modified the thinlinc/modules/thinlinc/vsm/sessionstart.py file and changed hashlib.md5() to hashlib.sha256(). That worked. I did this based on this bug description indicating this hash calculation doesn't even matter except for supporting of very old 4.1 clients. So maybe you just need a flag or configuration option that does something similar to what I did by hand or a way to disable this altogether? Looking on your site, version 4.1 is 9 or 10 years old, right?

Comment 11 Pierre Ossman cendio

2022-08-15 12:52:55 CEST

https://community.thinlinc.com/t/thinlinc-fails-due-to-fips-mode/392/6

Note You need to log in before you can comment on or make changes to this bug.