WordPress Failed Randomness

Posted Feb 12, 2015
Authored by Scott Arciszewski

All versions of WordPress fail to implement a cryptographically secure pseudorandom number generator.

tags | advisory
advisories | CVE-2014-6412
SHA-256 | 170595a1bbe7e09d77645ac1e3ed66ad3b2cd04dd4cb157b616751c9edc794df

Ticket opened: 2014-06-25
Affected Versions: ALL
Problem: No CSPRNG
Patch available, collecting dust because of negligent (and questionably
competent) WP maintainers

On June 25, 2014 I opened a ticket on WordPress's issue tracker to expose a
cryptographically secure pseudorandom number generator, since none was
present (although it looks like others have tried to hack together a
band-aid solution to mitigate php_mt_seed until WordPress gets their "let's
support PHP < 5.3" heads out of their asses).

For the past 8 months, I have tried repeatedly to raise awareness of this
bug, even going as far as to attend WordCamp Orlando to troll^H advocate
for its examination in person. And they blew me off every time.

If anyone with RNG breaking experience (cough solar designer cough) can PoC
it, without the patch I've provided you should be able to trivially predict
the password reset token for admin users and take over any WordPress site
completely.

Eight fucking months.

Patch available with unit tests and PHP 5.2 on Windows support at
https://core.trac.wordpress.org/attachment/ticket/28633/28633.3.patch

Scott
https://scott.arciszewski.me
@voodooKobra
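To make the point of the advisory concrete, here is an added example (not the author's patch and not WordPress code) of a password-reset token built on mt_rand() beside one built on an OS-backed CSPRNG, with a fallback chain covering PHP 7, PHP 5.3 with ext/openssl, and older Unix PHP; the function names are hypothetical.

```php
<?php
// Added example, not WordPress's or the advisory author's code. The weak form
// shows the class of problem the advisory describes: mt_rand() is a Mersenne
// Twister whose entire output stream is fixed by a 32-bit seed, so it is a
// fine statistical generator but not an unpredictable one.
// weak_reset_token, secure_random_bytes and secure_reset_token are hypothetical names.

function weak_reset_token($length = 20) {
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        // Not a CSPRNG: a small seed space is exactly what php_mt_seed recovers.
        $token .= $chars[mt_rand(0, strlen($chars) - 1)];
    }
    return $token;
}

// Return $n bytes from an OS-backed CSPRNG, trying sources in order of preference.
function secure_random_bytes($n) {
    if (function_exists('random_bytes')) {                 // PHP 7.0+
        return random_bytes($n);
    }
    if (function_exists('openssl_random_pseudo_bytes')) {  // PHP 5.3+ with ext/openssl
        $bytes = openssl_random_pseudo_bytes($n, $strong);
        if ($bytes !== false && $strong === true) {
            return $bytes;
        }
    }
    if (is_readable('/dev/urandom')) {                     // Unix, any PHP version
        $fp = fopen('/dev/urandom', 'rb');
        $bytes = fread($fp, $n);
        fclose($fp);
        if (strlen($bytes) === $n) {
            return $bytes;
        }
    }
    // Refuse to degrade silently: a predictable token is worse than a failed request.
    throw new Exception('No CSPRNG source available');
}

function secure_reset_token($length = 20) {
    // Hex encoding avoids any biased byte-to-character mapping; 20 hex characters
    // carry 80 bits of entropy, which is ample for a single-use reset token.
    $raw = secure_random_bytes((int) ceil($length / 2));
    return substr(bin2hex($raw), 0, $length);
}
```

On PHP 5.2 for Windows none of the three sources exists, which is the gap the author's patch addresses; the example above fails closed there rather than falling back to mt_rand().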

