From: Lloyd Subject: login_yubikey(8) logging patch To: "tech@openbsd.org" Date: Fri, 21 Feb 2025 19:49:23 +0000 Hello tech@ I shared this issue with bugs@ a few weeks ago, sharing the patch here to get more eyeballs on it in case anyone is interested. Current login_yubikey(8) writes OTP shared secrets to the syslog in plaintext. There is no need for this, as the data could potentially be archived or sent to a remote system unencrypted depending on how local syslog is architected. The term uid is a misnomer, it is unlike a login uid, rather a shared secret which is exchanged wrapped with a symmetric key. Yubico refers to this field as the Private ID in their documentation and it is intended to be known only by the key holder and the authenticating server. Patch below removes extraneous debugging data of limited usefulness from the syslog calls. I surmise this was leftover from development debugging and never removed. This is not a huge security issue by any means but should probably be corrected.
--- login_yubikey.c.orig Sat Sep 3 11:01:44 2016
+++ login_yubikey.c Thu Jan 16 12:24:28 2025
@@ -252,16 +252,11 @@ yubikey_login(const char *username, const char *passwo
 if (!yubikey_crc_ok_p((uint8_t *)&tok))
 continue; /* try another one */
 crcok++;
- syslog(LOG_DEBUG, "user %s: crc %04x ok",
- username, tok.crc);
+ syslog(LOG_DEBUG, "user %s: crc ok", username);
 if (memcmp(tok.uid, uid, YUBIKEY_UID_SIZE)) {
- char h[13];
-
- yubikey_hex_encode(h, (const char *)tok.uid,
- YUBIKEY_UID_SIZE);
- syslog(LOG_DEBUG, "user %s: uid %s != %s",
- username, h, hexuid);
+ syslog(LOG_DEBUG, "user %s: uid doesn't match",
+ username);
 continue; /* try another one */
 }
 break; /* uid matches */
@@ -282,18 +277,16 @@ yubikey_login(const char *username, const char *passwo
 explicit_bzero(key, sizeof(key));
- syslog(LOG_INFO, "user %s uid %s: %d matching keymaps (%d checked), "
- "%d crc ok", username, hexuid, mapok, i, crcok);
+ syslog(LOG_INFO, "user %s uid: %d matching keymaps (%d checked), "
+ "%d crc ok", username, mapok, i, crcok);
 ctr = ((u_int32_t)yubikey_counter(tok.ctr) << 8) | tok.use;
 if (ctr <= last_ctr) {
- syslog(LOG_INFO, "user %s: counter %u.%u <= %u.%u "
- "(REPLAY ATTACK!)", username, ctr / 256, ctr % 256,
- last_ctr / 256, last_ctr % 256);
+ syslog(LOG_INFO, "user %s: counter <= last (REPLAY ATTACK!)",
+ username);
 return (AUTH_FAILED);
 }
- syslog(LOG_INFO, "user %s: counter %u.%u > %u.%u",
- username, ctr / 256, ctr % 256, last_ctr / 256, last_ctr % 256);
+ syslog(LOG_INFO, "user %s: counter > last [OK]", username);
 umask(S_IRWXO);
 if ((f = fopen(fn, "w")) == NULL) {
 syslog(LOG_ERR, "user %s: fopen: %s: %m", username, fn);
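Review bot: The rewritten replay message drops the counter values, but those are not the secret this patch is about — `ctr` is built from `tok.ctr`/`tok.use` of the OTP an attacker replaying it already holds, and `last_ctr` is presumably the value read back from the per-user state file this code rewrites via `fopen(fn, "w")` — and the session/use pair is exactly what an incident responder needs to tell a genuine replay from a cloned key, a reprogrammed token or a stale/rolled-back state file. I would keep both `counter %u.%u` messages as they were and confine the change to removing `hexuid` from the summary line, which also repairs the dangling label in the new format string (`"user %s uid: %d matching keymaps ..."` now prints `uid:` followed by nothing): `syslog(LOG_INFO, "user %s: %d matching keymaps (%d checked), %d crc ok", username, mapok, i, crcok);`. The `[OK]` suffix added to the success message is new wording rather than a redaction and disappears if the original line is kept. If `hexuid` has no remaining use after this patch the compiler will warn about an unused variable, but its other references lie outside the hunk so I cannot confirm that here; `yubikey_login` begins before and ends after this hunk.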