Use of Predictable Algorithm in Random Number Generator in phpservermon/phpservermon


Reported on

Jun 23rd 2021

✍️ Description

The random number generator implemented by mt_rand() cannot withstand a cryptographic attack. Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context.

In this case the function that generates weak random numbers is mt_rand() in /psm/Service/User.php at line 394.

This code uses the rand() function to generate "unique" identifiers for the receipt pages it generates. Because rand() is a statistical PRNG, it is easy for an attacker to guess the strings it generates. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers, such as a cryptographic PRNG.

πŸ•΅οΈβ€β™‚οΈ Proof of Concept


#!/usr/bin/env php

if($argc < 3)
    print($argv[0] . ' <seed> <n>' . "\n");
    print('' . "\n");
    print('Parameters:' . "\n");
    print('  seed:   Seed to initialize mt_rand() with' . "\n");
    print('  offset: Number of calls to mt_rand() before printing the first');
    print(' output' . "\n");
    print('' . "\n");
    print('Output:' . "\n");
    print('  <offset>\'s call to mt_rand() and <offset+227>\'s call');
    print(' to mt_rand()' . "\n");


print mt_rand() . " ";
print mt_rand() . "\n";

πŸ’₯ Impact

By exploiting this vulnerability, an attacker will able to produce or guess the reset password hashes of any user.

πŸ•΅οΈβ€β™‚οΈ Solution

When unpredictability is critical, as is the case with most security-sensitive uses of randomness, use a cryptographic PRNG. Regardless of the PRNG you choose, always use a value with sufficient entropy to seed the algorithm. (Values such as the current time offer only negligible entropy and should not be used.)


We have contacted a member of the phpservermon team and are waiting to hear back 2 years ago
Tim Zandbergen
2 years ago


Thank you for finding πŸ™ ! There are no reporters from users that this vulnerability has been used. Fixing it before someone does use it.

Tim Zandbergen validated this vulnerability 2 years ago
Akshay Jain has been awarded the disclosure bounty
The fix bounty is now up for grabs
Tim Zandbergen marked this as fixed with commit 3daa80 2 years ago
Tim Zandbergen has been awarded the fix bounty
This vulnerability will not receive a CVE
Akshay Jain
2 years ago


Quick fix Tim :) have a nice day! Thanks!

to join this conversation