Use of a Broken or Risky Cryptographic Algorithm in livehelperchat/livehelperchat

Valid

Reported on

Oct 1st 2021


Description

livehelperchat uses cryptographically insecure functions (microtime, mt_rand() and even rand) to generate sensitive information.

Proof of Concept

None provided, see the PHP documentation that specifies the cryptographic insecurity of the above functions.

Impact

This vulnerability is capable of allowing an attacker to deduce previously-generated (and future) passwords.

Occurences

$str = substr(md5($str . microtime() . rand(1, 10000000)), 0, $lenght);
for ($i = 0; $i<$lenght; $i++) {
    $str .= substr($allchar, mt_rand(0, 36), 1);
}
mt_srand(( double) microtime() * 1000000);
We have contacted a member of the livehelperchat team and are waiting to hear back 2 months ago
Remigijus Kiminas validated this vulnerability 2 months ago
Michael Rowley has been awarded the disclosure bounty
The fix bounty is now up for grabs
Remigijus Kiminas confirmed that a fix has been merged on 1b101a 2 months ago
The fix bounty has been dropped