Use of a Broken or Risky Cryptographic Algorithm in boxbilling/boxbilling

Valid

Reported on

Jul 10th 2021


✍️ Description

The function mt_rand is used to generate ticket hashes at the reference shown. This function is not cryptographically secure: it is a deterministic pseudorandom number generator (Mersenne Twister) whose entire output stream is fixed by its seed, so an attacker can take advantage of its predictability to disclose critical information for accounts that are not under his/her control.

🕵️‍♂️ Proof of Concept

Numerous examples and attack implementations can be found in this paper. If you're looking for a practical tool that can recover the seed value behind your mt_rand implementation, see this project and run the following commands in a console with php5 and OpenWall's tool installed:

root$ php -r 'mt_srand(13333337); echo mt_rand(), "\n";'

After that, copy the output (1863134308) and execute the following commands:

root$ gcc php_mt_seed.c -o php_mt_seed
root$ ./php_mt_seed 1863134308

After waiting ~2 minutes you should have a few candidate seeds, each listed with the PHP versions it applies to; next to your installed PHP version you should see something similar to:

seed = 0x00cb7359 = 13333337 (PHP 7.1.0+)

Hey, that's your seed!

💥 Impact

An attacker could read and send messages on any ticket, since they would be able to regenerate the ticket hashes and interact with arbitrary tickets that do not belong to them.
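As an added illustration of the weakness described above (my own example, not BoxBilling's code; the function names are hypothetical), the mt_rand-based pattern sits beside a random_bytes-based replacement, with a small check showing that the weak hash is fully reproducible from the seed:

```php
<?php
// Added illustration (not BoxBilling's code): the weak pattern beside the fix.
// mt_rand() is Mersenne Twister output fully determined by the 32-bit seed,
// and with no arguments it yields a 31-bit value (0..mt_getrandmax()),
// so hashing it gives at most 2^31 distinct "hashes" no matter the digest.
function weakTicketHash(): string
{
    return md5((string) mt_rand());
}

// Hardened form: 128 bits from the OS CSPRNG (random_bytes, PHP 7.0+),
// independent of any userland seed.
function strongTicketHash(): string
{
    return bin2hex(random_bytes(16));
}

// Two callers that share a seed (for example a seed recovered from one
// observed output) obtain identical weak hashes.
function weakHashIsReproducible(int $seed): bool
{
    mt_srand($seed);
    $first = weakTicketHash();
    mt_srand($seed);
    $second = weakTicketHash();
    return hash_equals($first, $second);
}

// The CSPRNG-backed hash does not repeat in practice.
function strongHashIsReproducible(): bool
{
    return hash_equals(strongTicketHash(), strongTicketHash());
}

// Comparing a presented hash with the stored one should be constant-time
// so the lookup does not leak information through timing.
function ticketHashMatches(string $stored, string $presented): bool
{
    return hash_equals($stored, $presented);
}

$seed = 13333337; // the seed used in the proof of concept above
printf("weak hash reproducible from seed %d: %s\n", $seed,
    weakHashIsReproducible($seed) ? 'yes' : 'no');
printf("strong hash reproducible: %s\n",
    strongHashIsReproducible() ? 'yes' : 'no');
```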

We have contacted a member of the boxbilling team and are waiting to hear back 5 months ago
Michael Rowley
5 months ago

Researcher


The SECURITY.md in boxbilling's repository doesn't contain an email, and I can't see any open issues about a security issue in their issues tab.

Mr. Timothy G Webb Sr. validated this vulnerability 4 months ago
Michael Rowley has been awarded the disclosure bounty
The fix bounty is now up for grabs
Mr. Timothy G Webb Sr. confirmed that a fix has been merged on 2e1df2 4 months ago
Benjamin Aerni has been awarded the fix bounty
Jamie Slome
3 hours ago

Admin


Just for reference, I added @bennottelling as the fixer to this report, and this has been confirmed by the maintainers.