Insufficient salting in the net-ldap Ruby gem
pierre.carrier at airbnb.com
Wed Feb 12 22:02:50 UTC 2014
SSHA passwords generated by the net-ldap Ruby gem use a salt between
"0" and "999", only providing 10 bits of entropy.
This is an attack vector, making attacks based on rainbow tables
significantly easier than with a strong salt.
This E-mail is sent to the current upstream maintainer and all vendors
that distribute a version of that gem.
Your version might not be affected; if not, sorry for the noise.
Site Reliability Engineer, Airbnb
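
An added example, not part of the original e-mail and not code from the net-ldap gem: a Ruby audit that extracts the salt from stored {SSHA} values and flags any that fall in the "0" to "999" space described above. The helper names, the 16-byte replacement salt and the sample entries are assumptions made for illustration.

```ruby
require 'securerandom'
require 'digest/sha1'

SCHEME = '{SSHA}'

# {SSHA} value: scheme tag + Base64(SHA1(password + salt) + salt).
def ssha(password, salt)
  digest = Digest::SHA1.digest(password.b + salt.b)
  SCHEME + [digest + salt.b].pack('m0') # 'm0' = Base64 without line breaks
end

# Salt drawn as the advisory describes: a decimal string from "0" to "999".
def weak_salt
  SecureRandom.random_number(1000).to_s
end

# Assumed stronger choice: 16 bytes from the OS CSPRNG.
def strong_salt
  SecureRandom.random_bytes(16)
end

# Salt = whatever follows the 20-byte SHA-1 digest; nil if not a valid SSHA value.
def ssha_salt(value)
  return nil unless value.start_with?(SCHEME)
  raw = value.delete_prefix(SCHEME).unpack1('m')
  raw.bytesize < 20 ? nil : raw.byteslice(20..-1)
end

# True when the salt lies in the 1000-value space "0".."999".
def weak_ssha_salt?(value)
  salt = ssha_salt(value)
  !salt.nil? && salt.match?(/\A(0|[1-9]\d{0,2})\z/)
end

# Return the DNs whose stored hash carries such a salt.
def audit(entries)
  entries.select { |_dn, hash| weak_ssha_salt?(hash) }.map(&:first)
end

# Constructed sample data, not taken from any real directory.
SAMPLE = [
  ['uid=alice,dc=example,dc=org', ssha('correct horse', weak_salt)],
  ['uid=bob,dc=example,dc=org',   ssha('correct horse', strong_salt)],
  ['uid=carol,dc=example,dc=org', '{SHA}not-a-salted-value']
].freeze

puts audit(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Entries flagged by the audit need a password reset to get a new salt, since the existing hash cannot be re-salted without the plaintext.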