A security researcher has contacted us to make us aware of some weaknesses in the design of our master password system.
There is no vulnerability here per se; however, the researcher raises some valid concerns. Essentially it boils down to us not forcing users to choose strong passwords, and a lack of strong defences against brute-force password-guessing attempts. We can improve on what we do, and we want to provide additional advice to our users.
We want to thank Tristan Madani for providing us with a professional and detailed threat analysis.
Basic protection
We will be addressing these concerns within Composr, but to be protected please ensure your master password follows these rules:
- at least 8 characters in length
- contains at least 1 upper case character
- contains at least 1 lower case character
- contains at least 1 number
- contains at least 1 symbol
Further optional protection
Alternatively, or additionally, you can temporarily remove the $SITE_INFO['admin_password']='xxx'; line from your info.php file and only put it back when you need to log into a maintenance script such as the upgrader.
To provide additional protection beyond the master password, you may want to set IP-based restrictions (or temporary access blocks) on the following scripts:
The following are sample access rules for an Apache .htaccess file that provide a temporary access block:
Deny from all
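As an added illustration (not Composr code), the following Python checks a candidate master password against the five rules listed above and shows the kind of temporary per-client block that the advisory describes as a brute-force defence; the rule thresholds for the block (5 failures in 15 minutes) and the sample addresses are assumptions chosen for the example.

```python
import hmac
import re
from collections import defaultdict

# The five master-password rules from the advisory above.
RULES = {
    "at least 8 characters": lambda p: len(p) >= 8,
    "at least 1 upper case character": lambda p: re.search(r"[A-Z]", p) is not None,
    "at least 1 lower case character": lambda p: re.search(r"[a-z]", p) is not None,
    "at least 1 number": lambda p: re.search(r"[0-9]", p) is not None,
    "at least 1 symbol": lambda p: re.search(r"[^A-Za-z0-9]", p) is not None,
}


def password_violations(password):
    """Return the names of the rules the candidate password fails (empty list = acceptable)."""
    return [name for name, check in RULES.items() if not check(password)]


class LoginThrottle:
    """Temporary per-client block: after max_failures failed attempts inside `window`
    seconds, further attempts are refused until the old failures age out.
    Thresholds are assumptions for this example, not Composr settings."""

    def __init__(self, max_failures=5, window=900.0):
        self.max_failures = max_failures
        self.window = window
        self._failures = defaultdict(list)  # client_ip -> timestamps of failures

    def is_blocked(self, client_ip, now):
        recent = [t for t in self._failures[client_ip] if now - t < self.window]
        self._failures[client_ip] = recent  # forget failures older than the window
        return len(recent) >= self.max_failures

    def record_failure(self, client_ip, now):
        self._failures[client_ip].append(now)


def attempt_login(throttle, client_ip, supplied, stored, now):
    """Return 'blocked', 'ok' or 'failed'. The comparison is constant-time so a
    guess's correctness is not leaked through timing; failures feed the throttle."""
    if throttle.is_blocked(client_ip, now):
        return "blocked"
    if hmac.compare_digest(supplied.encode(), stored.encode()):
        return "ok"
    throttle.record_failure(client_ip, now)
    return "failed"
```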