PHPCRED-13: Password Usage Search

Issue Information

Issue Type: New Feature
 
Priority: Major
Status: Closed

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: PHPCredlocker (PHPCRED)
Resolution: Won't Fix (2019-09-09 15:51:07)
Target version: 1.25,
Components: Crypto , Storage ,

Created: 2013-12-07 00:52:43
Time Spent Working


Description
Would need to be a Super-Admin only function.

If a password is known to be compromised (or it's known that a specific pass has been re-used), it'd be good to be able to search all stored credentials to display a list of where that password is used.

Would need to encrypt the submitted password with all available crypto keys (so begin by retrieving cred types) and then search the database for that value.

Obviously needs to be well secured to prevent introducing a fairly severe security hole!


Toggle State Changes

Activity


2013-12-08 16:34:34
btasker added '1.25' to Fix Version

2013-12-08 16:34:34
btasker removed '1.5' from Fix Version

2013-12-08 16:44:04
btasker changed status from 'Open' to 'In Progress'

2013-12-08 18:05:57
Given the potential number of keys, and the key length, it'll need to be 1 request per credType to ensure that we don't hit any execution limits. So whilst the view needs to be created, most of the legwork will need to be created through an AJAX request.

Would suggest the resulting output is along the following lines

|Customer|CredType|Username|Comment|Edit Cred Link|

2013-12-08 18:29:13
The API request method to use is


searchCredValue


The view name is


searchCreds


No real functionality implemented as yet, but the JS functions are in place (if currently somewhat useless)

2013-12-08 23:14:11
Feature implemented to a basic level.

Have merged and closed the feature branch. Changes now in Dev

2019-09-09 15:51:07
Bulk Closing as Won't Fix.

Credlocker is EOL so no further work will be done.

2019-09-09 15:51:07
btasker changed status from 'In Progress' to 'Closed'

2019-09-09 15:51:07
btasker added 'Won't Fix' to resolution