Use of a Broken or Risky Cryptographic Algorithm in boxbilling/boxbilling

Valid

Reported on

Jul 10th 2021


✍️ Description

The function mt_rand is used to generate ticket hashes at the reference shown. This function is cryptographically flawed because it is only pseudorandom; an attacker can take advantage of its cryptographically insecure nature to disclose critical information for accounts that are not under their control.

🕵️‍♂️ Proof of Concept

Numerous examples and attack implementations can be found in this paper. If you're looking for a practical tool that can crack your mt_rand implementation's seed value, see this project and run the following commands in a console with php5 and OpenWall's tool installed:

root$ php -r 'mt_srand(13333337); echo mt_rand( ), "\n";'

After that, copy the output (1863134308) and execute the following commands:

root$ gcc php_mt_seed.c -o php_mt_seed
root$ ./php_mt_seed 1863134308

After waiting ~2 minutes you should have a few possible seeds corresponding to their PHP versions. Next to your installed PHP version you should see something similar to:

seed = 0x00cb7359 = 13333337 (PHP 7.1.0+)

Hey, that's your seed!

💥 Impact

An attacker could read and send messages on any ticket as they would be able to generate the ticket hashes and (at random) interact with them.
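
The weakness and its mitigation side by side, as an added example that is not BoxBilling's code or part of the original report. The function names `weakTicketHash`, `strongTicketHash` and `ticketHashMatches` are hypothetical, and the seed is the one used in the proof of concept above.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a ticket-hash generator built on mt_rand().
// Not BoxBilling's code: it only reproduces the weakness class in the report.
function weakTicketHash(): string
{
    // Hashing the output adds no secrecy: the input is still a pure
    // function of the generator's 32-bit seed.
    return sha1((string) mt_rand());
}

// Hardened form: 32 bytes from the operating system CSPRNG, hex-encoded.
function strongTicketHash(): string
{
    return bin2hex(random_bytes(32));
}

// Compare a client-supplied hash to the stored one in constant time.
function ticketHashMatches(string $stored, string $supplied): bool
{
    return hash_equals($stored, $supplied);
}

// Anyone who recovers the seed can replay the generator and obtain the
// same "secret" value.
mt_srand(13333337);
$issued = weakTicketHash();
mt_srand(13333337);
$replayed = weakTicketHash();
echo 'weak hash reproducible from seed: ';
var_dump(ticketHashMatches($issued, $replayed));

// random_bytes() does not read the mt_rand state, so reseeding has no effect.
mt_srand(13333337);
$a = strongTicketHash();
mt_srand(13333337);
$b = strongTicketHash();
echo 'strong hash reproducible from seed: ';
var_dump(ticketHashMatches($a, $b));
```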

We have contacted a member of the boxbilling team and are waiting to hear back a year ago
Michael Rowley
a year ago

Researcher


The SECURITY.md in boxbilling's repository doesn't contain an email and I can't see any open issues about a security issue in their issues tab,

Timothy Webb Sr validated this vulnerability a year ago
Michael Rowley has been awarded the disclosure bounty
The fix bounty is now up for grabs
Timothy Webb Sr marked this as fixed with commit 2e1df2 a year ago
Belle Aerni has been awarded the fix bounty
This vulnerability will not receive a CVE
Jamie Slome
a year ago

Admin


Just for reference, I added @bennottelling as the fixer to this report and this has been confirmed by the maintainers.
