Use of a Broken or Risky Cryptographic Algorithm in panique/huge
Reported on
Jul 10th 2021
✍️ Description
The function mt_rand is used to generate password-reset tokens. This function is cryptographically flawed because it is a pseudorandom number generator whose output is predictable from its seed; an attacker can take advantage of this insecure nature to enumerate password-reset tokens that should not be available to them.
🕵️♂️ Proof of Concept
Numerous examples and attack implementations can be found in this paper.
If you're looking for a practical tool that can crack your mt_rand implementation's seed value, see this project and run the following commands in a console with php5 and OpenWall's tool installed:
root$ php -r 'mt_srand(13333337); echo mt_rand( ), "\n";'
After that, copy the output (1863134308) and execute the following commands:
root$ gcc php_mt_seed.c -o php_mt_seed
root$ ./php_mt_seed 1863134308
After waiting about a minute you should have a few possible seeds, each labelled with the PHP versions it corresponds to; next to your installed PHP version you should see something similar to:
seed = 0x00cb7359 = 13333337 (PHP 7.1.0+)
Hey, that's your seed!
💥 Impact
An attacker could takeover accounts by enumerating password-reset tokens and then using them to change the password of targeted accounts.
Maintainer here. Thanks, excellent find! I'm a bit out of the PHP world (the project is 7+ years old), but according to official PHP docs there's a secure successor of mt_rand, called random_int. I'll implement this within the next days.
https://www.php.net/manual/de/function.mt-rand.php
Out of interest: Who funds the money (and how) for these disclosures / fixes? I love the idea and want to support this (financially).
Hey, thanks for validating the vulnerability - about the funding for huntr.dev, from what I've gathered this project is a London-based startup which is owned by 418sec and I believe that they are funded by venture capitalists.
When I asked about huntr.dev's plan for monetisation, I was told that: "We do plan on selling a service for commercial open source projects, to support their security research needs" & "You can imagine us like HackerOne, but specifically for open source :)"
I'm not sure if that answers your question but it's as far as I've gotten with figuring things out!
Oh, I have also reported a similar vulnerability to this one in another repository a couple of days ago, if you need any examples for 'patches' for this issue, feel free to check out this merge:
https://github.com/emoncms/emoncms/commit/31523b99899eaa19412393ab4ac5ce8d55339643
(from https://huntr.dev/bounties/1625877117672-emoncms/emoncms/)
@Chris - Jamie from the huntr.dev team here! Thanks for the warm feedback!
Feel free to join our Discord and would love to talk further with you!
I've submitted a patch that (hopefully) will resolve the issues raised within this report, let me know if this breaks or degrades anything else though!
Thanks Michael! I don't want to "steal" your work, but I could find a way to merge this properly into the repo without losing your contribution details (as there is not a real pull request). Can you please commit this to the original repo? Or is it okay if I just copy your changes?
Thanks again, I adore that work
I've looked over my patch and it looks like it could use a bin2hex wrapper around the random_bytes call; I've added that to my branch along with a minor correction to the comment code and have opened a pull request from my branch to the main one in your repository. I'd advise you to check everything over and make sure that it functions correctly before merging, but I can't see anything overtly wrong with the commit.
Thank you so much! Now I can see the pull request, and it's merged now. https://github.com/panique/huge/commit/fe8654394d97078f254b48e655f5f62da16697d4
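To make the report's point concrete, here is an added example (not code from panique/huge or from the patch above) that puts a reset-token generator built on mt_rand, as the description criticises, beside one built on bin2hex(random_bytes()), as the thread's patch proposes. The function names, the 32-byte token length and the stored-hash redemption step are assumptions for this demonstration.

```php
<?php
// Added example: weak vs. hardened password-reset token generation.
// Function names and token sizes are chosen for this demo, not taken from the project.
declare(strict_types=1);

// Vulnerable pattern: mt_rand() output is a deterministic function of a 32-bit
// seed, so every token is predictable once the seed has been recovered (which
// the php_mt_seed tool in the PoC does from a single observed output).
function weakResetToken(int $seed): string
{
    mt_srand($seed); // explicit seed only to make the reproducibility visible
    $token = '';
    for ($i = 0; $i < 4; $i++) {
        $token .= sprintf('%08x', mt_rand()); // 4 x 31 bits, all derived from the seed
    }
    return $token;
}

// Hardened pattern: random_bytes() reads from the OS CSPRNG; bin2hex() turns the
// raw bytes into a URL-safe string. 32 bytes = 256 bits of entropy, 64 hex chars.
function secureResetToken(): string
{
    return bin2hex(random_bytes(32));
}

// Defensive storage: keep only a hash of the token server-side, so a database
// leak does not hand out live reset links, and compare in constant time.
function tokenFingerprint(string $token): string
{
    return hash('sha256', $token);
}

function redeemToken(string $presented, string $storedFingerprint): bool
{
    return hash_equals($storedFingerprint, tokenFingerprint($presented));
}

// Demonstration: two processes seeded identically yield the same "random" token,
// which is exactly the property a seed-recovery attack relies on.
$a = weakResetToken(13333337);
$b = weakResetToken(13333337);
echo 'mt_rand token reproducible from seed: ', var_export($a === $b, true), "\n";

// The CSPRNG-backed tokens are independent and can only be redeemed by the holder.
$t1 = secureResetToken();
$t2 = secureResetToken();
echo 'random_bytes tokens distinct: ', var_export($t1 !== $t2, true), "\n";
echo 'redeem with correct token: ', var_export(redeemToken($t1, tokenFingerprint($t1)), true), "\n";
echo 'redeem with other token: ', var_export(redeemToken($t2, tokenFingerprint($t1)), true), "\n";
```

Run it under PHP 7.0 or later, where random_bytes() and random_int() are available; on older interpreters the secure path has no built-in equivalent.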