Security: Insecure Generation of Random Tokens

Description

The random tokens for CSRF protection and password reset are generated by the method standAlonePage::generateRandomHash(). This method uses the insecure function mt_rand(). The output of this function is predictable and therefore not suitable for security purposes.

Instead of the insecure functions, random_bytes(), random_int() or the implementation for older PHP versions should be used.

Code Locations

• https://gitlab.fusiondirectory.org/fusiondirectory/fd/blob/1.2.1-fixes/html/class_passwordRecovery.inc#L233
• https://gitlab.fusiondirectory.org/fusiondirectory/fd/blob/1.3-dev/html/class_passwordRecovery.inc#L234
• https://gitlab.fusiondirectory.org/fusiondirectory/fd/blob/1.4-dev/html/class_passwordRecovery.inc#L233

Distribution Name and Version

Found by source code analysis.

FusionDirectory Version

Identified in all current development and master branch.

PHP version used

Found by source code analysis.

Origin of php packages

Found by source code analysis.

Steps to Reproduce

The vulnerability was discovered by code analysis but not implemented specific for FusionDirectory. Generally, an attacker can predict the tokens when he gathers few tokens or calculates random tokens from known seeds. See this page for details. There's also a tool for exploitation of such issues.

Actual behavior:

Predictable tokens are generated for security purposes.

Reproduces how often: 100%

Additional Information

• https://stackoverflow.com/questions/17362402/why-is-phps-mt-rand-not-cryptographically-secure
• https://softwareengineering.stackexchange.com/questions/76229/predicting-the-output-of-phps-rand