Ticket #822 (fixed bug)
Vulnerability in FluxBB 1.5.2 and possible earlier
- Created: 2013-01-17 06:43:53
- Reported by: ymaryshev
- Assigned to: Franz
- Milestone: 1.5.3
- Component: security
- Priority: highest
The specialists of Positive Technologies have detected a "Password Reset Token Prediction" vulnerability in FluxBB.
The vulnerability was detected in password reset token generation algorithm. FluxBB generates weak random numbers using mt_rand function:
function random_key($len, $readable = false, $hash = false)
/* ... */
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
for ($i = 0; $i < $len; ++$i)
$key .= substr($chars, (mt_rand() % strlen($chars)), 1);
FluxBB also leaks mt_rand output in "search_id" parameter:
$search_id = mt_rand(1, 2147483647);
After requesting password reset FluxBB generates password reset token and the new password like this:
// Generate a new password and a new password activation code
$new_password = random_pass(8);
$new_password_key = random_pass(8);
In order to predict these values an attacker should send large number of keep-alive requests so that web-server starts to create new processes with freshly seeded Mersenne Twister. He then should make two requests in keep-alive:
The first request will return "search_id" parameter in redirection URL which leaks mt_rand number. Because in keep-alive PRNG state is shared, using this number we can bruteforce seed and thus predict password reset token and the new password that were generated after the second request. CUDA seed bruteforcer for FluxBB is available here: __http://raz0r.name/fluxbb_cuda.cu
---[ How to fix ]
Password reset token generation should be hardened using more reliable functions such as openssl_random_pseudo_bytes().
---[ Credits ]
The vulnerability was discovered by Arseny Reutov, Positive Research Center (Positive Technologies Company)
Franz 2013-01-17 12:40:53
- Milestone set to 1.5.3.
Thank you for the report - I will take a look at this.
Was this issue disclosed elsewhere?
ymaryshev 2013-01-24 15:36:10
We do not disclosure vulnerability details in case vendor accepts the problem and inform us about the fixing process.
Franz 2013-01-26 23:51:50
Okay, I will try to publish a fix this coming week.
Thank you for your patience!
Franz 2013-01-26 23:52:01
- Owner set to Franz.
Franz 2013-02-06 00:03:50
Okay, I've found a library with a better random number generator, I believe. I'm working on incorporating it. The release process takes a bit, I'm hoping to do that at some point this week.
Franz 2013-02-21 23:20:41
- Status changed from open to fixed.
Okay, I've got this fixed locally. Will push and publish a release tomorrow.
Thanks for the heads-up and sorry for the slow-ish response - investigating the proper solution took a while.
ymaryshev 2013-02-22 04:38:21
Thanks for your work
Franz 2013-02-22 11:25:14
- Visibility set to public.
Franz 2013-07-07 19:56:45
Why not. Just make sure the PHP 4 compatibility fixes are in there...