Use of a Broken or Risky Cryptographic Algorithm in panique/huge
Jul 10th 2021
mt_rand() is used to generate password-reset tokens. This function is not cryptographically secure: it is a deterministic pseudorandom number generator whose entire output is fixed by its seed, so an attacker can take advantage of this weakness to predict (enumerate) password-reset tokens that should not be available to them.
Proof of Concept
Numerous examples and attack implementations can be found in this paper.
If you're looking for a practical tool that can crack your mt_rand implementation's seed value, see this project and run the following commands in a console with php5 and OpenWall's tool installed:
root$ php -r 'mt_srand(13333337); echo mt_rand(), "\n";'
After that, copy the output (1863134308) and execute the following commands:
root$ gcc php_mt_seed.c -o php_mt_seed
root$ ./php_mt_seed 1863134308
After waiting about a minute you should have a few possible seeds, each listed with the PHP versions it applies to; next to your installed PHP version you should see something similar to:
seed = 0x00cb7359 = 13333337 (PHP 7.1.0+)
Hey, that's your seed!
An attacker could take over accounts by enumerating password-reset tokens and then using them to change the password of targeted accounts.
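For contrast, an added example (not code from panique/huge) showing the weak pattern the report describes next to a hardened reset-token flow built on random_bytes(); the function names, the 32-byte token length and the one-hour expiry are assumptions for illustration.

```php
<?php
// Added example, not the project's code. Function and parameter names are
// assumptions chosen to illustrate the pattern, not huge's actual identifiers.

// Weak: mt_rand() is a Mersenne Twister PRNG whose whole output stream is
// fixed by a 32-bit seed. Hashing the output does not add entropy, so a token
// built this way can be reproduced by anyone who recovers the seed.
function weak_reset_token(): string
{
    return sha1((string) mt_rand());
}

// Hardened: random_bytes() draws from the OS CSPRNG (PHP 7+). 32 bytes give
// 256 bits of entropy; hex encoding keeps the token URL-safe.
function generate_reset_token(): string
{
    return bin2hex(random_bytes(32));
}

// Store only a hash of the token so a database leak does not expose live tokens.
function token_storage_hash(string $token): string
{
    return hash('sha256', $token);
}

// Verify with an expiry window and a constant-time comparison (hash_equals)
// so timing differences do not leak how many bytes of the guess were correct.
function reset_token_is_valid(
    string $presented,
    string $storedHash,
    int $issuedAt,
    int $now,
    int $ttlSeconds = 3600
): bool {
    if ($now - $issuedAt > $ttlSeconds) {
        return false;
    }
    return hash_equals($storedHash, hash('sha256', $presented));
}

// Usage: issue a token, persist only its hash, then check a presented value.
$token  = generate_reset_token();
$stored = token_storage_hash($token);
$issued = time();
var_dump(reset_token_is_valid($token, $stored, $issued, time()));
var_dump(reset_token_is_valid(strrev($token), $stored, $issued, time()));
var_dump(reset_token_is_valid($token, $stored, $issued, $issued + 7200));
```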