Fork me on GitHub
Subscribe 3

Ticket #822 (fixed bug)

Vulnerability in FluxBB 1.5.2 and possible earlier

  • Created: 2013-01-17 06:43:53
  • Reported by: ymaryshev
  • Assigned to: Franz
  • Milestone: 1.5.3
  • Component: security
  • Priority: highest

The specialists of Positive Technologies have detected a "Password Reset Token Prediction" vulnerability in FluxBB.

The vulnerability was detected in password reset token generation algorithm. FluxBB generates weak random numbers using mt_rand function:

function random_key($len, $readable = false, $hash = false)
/* ... */
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
for ($i = 0; $i < $len; ++$i)
    $key .= substr($chars, (mt_rand() % strlen($chars)), 1);

FluxBB also leaks mt_rand output in "search_id" parameter:
$search_id = mt_rand(1, 2147483647);

After requesting password reset FluxBB generates password reset token and the new password like this:

// Generate a new password and a new password activation code
$new_password = random_pass(8);
$new_password_key = random_pass(8);

In order to predict these values an attacker should send large number of keep-alive requests so that web-server starts to create new processes with freshly seeded Mersenne Twister. He then should make two requests in keep-alive:

GET /search.php?action=search&keywords=test&search=Search
POST /login.php?action=forget_2
form_sent=1&req_email=admin%40email.com

The first request will return "search_id" parameter in redirection URL which leaks mt_rand number. Because in keep-alive PRNG state is shared, using this number we can bruteforce seed and thus predict password reset token and the new password that were generated after the second request. CUDA seed bruteforcer for FluxBB is available here: __http://raz0r.name/fluxbb_cuda.cu

---[ How to fix ]

Password reset token generation should be hardened using more reliable functions such as openssl_random_pseudo_bytes().

---[ Credits ]

The vulnerability was discovered by Arseny Reutov, Positive Research Center (Positive Technologies Company)

History

Franz 2013-01-17 12:40:53

  • Milestone set to 1.5.3.

Thank you for the report - I will take a look at this.

Was this issue disclosed elsewhere?

ymaryshev 2013-01-24 15:36:10

We do not disclosure vulnerability details in case vendor accepts the problem and inform us about the fixing process.
__http://en.securitylab.ru/lab/disclosure-policy.php

Franz 2013-01-26 23:51:50

Okay, I will try to publish a fix this coming week.

Thank you for your patience!

Franz 2013-01-26 23:52:01

  • Owner set to Franz.

Franz 2013-02-06 00:03:50

Okay, I've found a library with a better random number generator, I believe. I'm working on incorporating it. The release process takes a bit, I'm hoping to do that at some point this week.

Franz 2013-02-21 23:07:52

Commit fefd7e5 to fluxbb master

#822: Use a better generator for random strings.

Franz 2013-02-21 23:12:27

Commit f9f0d03 to fluxbb master

#822: Use bin2hex() instead of a hashing function to create a readable string.

Franz 2013-02-21 23:20:41

  • Status changed from open to fixed.

Okay, I've got this fixed locally. Will push and publish a release tomorrow.

Thanks for the heads-up and sorry for the slow-ish response - investigating the proper solution took a while.

Franz 2013-02-21 23:21:15

Commit 84c5227 to fluxbb master

#822: Use base 64 encoding for more diverse readable strings.

ymaryshev 2013-02-22 04:38:21

Thanks for your work

Franz 2013-02-22 11:25:14

  • Visibility set to public.

quy 2013-07-07 17:11:33

Should this last commit be incorporated into 1.5.4?

Franz 2013-07-07 19:56:45

Why not. Just make sure the PHP 4 compatibility fixes are in there...

quy 2013-09-15 17:14:32

Commit 0f0fac9 to fluxbb master

#822: Move include line to the random_key function