Use of Predictable Algorithm in Random Number Generator in beestat/app


Reported on

Jul 3rd 2021

✍️ Description

The random number generator implemented by mt_rand() cannot withstand a cryptographic attack. In this case the function that generates weak random numbers is mt_rand() in user.php at line 58.

🕵️‍♂️ Proof of Concept

Vulnerable Code

   * Create an anonymous user so we can log in and have access to everything
   * without having to spend the time creating an actual user.
  public function create_anonymous_user() {
    $username = strtolower(sha1(uniqid(mt_rand(), true))); //mt_rand used
    $password = strtolower(sha1(uniqid(mt_rand(), true))); //mt_rand used
    $user = $this->create([
      'username' => $username,
      'password' => $password,
      'anonymous' => 1



#!/usr/bin/env php

if($argc < 3)
    print($argv[0] . ' <seed> <n>' . "\n");
    print('' . "\n");
    print('Parameters:' . "\n");
    print('  seed:   Seed to initialize mt_rand() with' . "\n");
    print('  offset: Number of calls to mt_rand() before printing the first');
    print(' output' . "\n");
    print('' . "\n");
    print('Output:' . "\n");
    print('  <offset>\'s call to mt_rand() and <offset+227>\'s call');
    print(' to mt_rand()' . "\n");


print mt_rand() . " ";
print mt_rand() . "\n";

💥 Impact

Attacker can predict the possible anonymous username and passwords with full access.


We have contacted a member of the beestat/app team and are waiting to hear back 7 months ago
beestat/app maintainer
20 days ago


These values are in the database to satisfy some other requirements, but this type of authentication is never used for anything. I'll mark this as valid since I could generate the random data more securely but the severity is minimal.

beestat/app maintainer validated this vulnerability 20 days ago
Akshay Jain has been awarded the disclosure bounty
The fix bounty is now up for grabs
beestat/app maintainer confirmed that a fix has been merged on 14bed9 20 days ago
The fix bounty has been dropped
user.php#L58-L59 has been validated