GFI Software

Serious security flaw in authentication [message #152116] Fri, 01 July 2022 09:25
PascalDorland
LS,

Recently we found out that the feature of blocking malicious login attempts doesn't work.
In our case, AD accounts (we authenticate against a domain controller) become locked out when
hackers try to log in several times.

This can also happen with accounts that aren't allowed at all to log in from the internet.
(client restriction, access policy)
For instance, I have managed to lock an important account via the internet that is only allowed
to log in from our internal IP address ranges.

In the log files on the Kerio mail server you can read the following messages:

"Account lockout - user [ADOMAINTESTUSER] will be blocked for connections from IP address [IP ADDRESS] for 5 minutes: too many failed logins from this IP address"

This doesn't happen!!!

You can proceed with your subversive activities and within the minute the account in question gets locked out.
Hackers hereby have the opportunity to close down parts of your userbase.


What I would like to see is:

When a user tries to authenticate, there should first be a check whether the username/account is allowed at all to log in from its originating IP.
If not, the communication should be dropped. If it's allowed, further authentication is ok.
I consider this to be a design flaw and a high security issue.

In this way you can have critical accounts with a mailbox without the risk of those accounts getting locked out due to activity from the internet.
At this time Kerio is giving a false sense of security; there is nothing getting blocked at all!
Brute force galore.
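
The check order requested in the post above, as an added example that is not part of the original thread and is not Kerio Connect code. It assumes a stand-in directory with a lockout threshold of 3, a hypothetical account `svc-backup`, and constructed addresses, and compares counting failures before the per-user source-IP policy is applied with applying that policy first.

```python
import ipaddress

LOCKOUT_THRESHOLD = 3  # assumed directory lockout policy, not a Kerio or AD default

class Directory:
    """Stand-in for a domain controller that locks accounts on repeated failures."""
    def __init__(self, passwords):
        self.passwords = dict(passwords)
        self.failures = {user: 0 for user in passwords}

    def locked(self, user):
        return self.failures.get(user, 0) >= LOCKOUT_THRESHOLD

    def bind(self, user, password):
        if user not in self.passwords or self.locked(user):
            return False
        if self.passwords[user] == password:
            self.failures[user] = 0
            return True
        self.failures[user] += 1  # every forwarded failure counts toward lockout
        return False

def source_allowed(policy, user, ip):
    """Per-user access policy: users without an entry are unrestricted."""
    nets = policy.get(user)
    if nets is None:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in nets)

def login_policy_after(directory, policy, user, password, ip):
    """Model of the reported behaviour: the directory sees the attempt first."""
    ok = directory.bind(user, password)
    return ok and source_allowed(policy, user, ip)

def login_policy_first(directory, policy, user, password, ip):
    """Requested behaviour: drop disallowed sources before any directory bind."""
    if not source_allowed(policy, user, ip):
        return False
    return directory.bind(user, password)

def simulate(login, attempts=10):
    """Constructed scenario: external guesses, then one valid internal login."""
    directory = Directory({"svc-backup": "correct horse"})
    policy = {"svc-backup": ["10.0.0.0/8"]}  # internal ranges only
    for _ in range(attempts):
        login(directory, policy, "svc-backup", "guess", "203.0.113.7")
    internal_ok = login(directory, policy, "svc-backup", "correct horse", "10.1.2.3")
    return directory.locked("svc-backup"), internal_ok
```

`simulate` returns whether the account ended up locked and whether the legitimate internal login still succeeded, so the two orderings can be compared directly.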
Re: Serious security flaw in authentication [message #152119 is a reply to message #152116] Fri, 01 July 2022 13:06
chrisc
Hi Pascal, thank you for your message. Please take a moment to open a ticket with our technical support team so they can further assist with this.

Chris Contorinis
Customer Care Specialist
GFI Software
Re: Serious security flaw in authentication [message #152120 is a reply to message #152119] Fri, 01 July 2022 13:33
PascalDorland
Hey Chris, they are the ones who sent me here in the first place, to register this as a feature request.
So filing another issue looks a bit redundant to me :)
Re: Serious security flaw in authentication [message #152137 is a reply to message #152120] Mon, 04 July 2022 18:04
chrisc
Hi Pascal, thank you for clarifying! We are currently in the process of updating how feature requests are triaged. The new process should be up and running within the next few weeks so misunderstandings like this will be avoided. In the meantime, I will move your request to our feedback forum so our Product Team can further review it.

Chris Contorinis
Customer Care Specialist
GFI Software