Slim PHP Framework 2.5.0 Weak Cryptography

Posted Mar 2, 2015
Authored by Scott Arciszewski

Slim PHP Framework versions 2.5.0 and below suffer weak cryptographic implementations.

tags | advisory, php
SHA-256 | 7304a663661117ba1736dac58d918a2592aaf4e52793385fbe106cd9354f2843

Product: Slim PHP Framework
Website: http://www.slimframework.com/
Affected versions: 2.5.0 and lower
Fixed in: 2.6.0 (released 2015-03-01)
CVSS Score: I don't care. Does anybody really?

From their homepage:

"""
Slim has super-secure cryptography using military-grade encryption. Slim
uses your unique key to encrypt session and cookie data before persisting
data to disk.
"""

Wow, sounds great. Let's look under the hood.

https://github.com/slimphp/Slim/issues/1034
https://github.com/slimphp/Slim/issues/1035
https://github.com/slimphp/Slim/issues/1037

So not only are they calling unserialize() on user data (hello PHP Object
Injection) in their SessionCookie class, but their "super-secure" crypto
library that uses "military-grade" encryption doesn't authenticate
ciphertexts. Oops.

And even if you were using the develop branch, there were a whole host of
issues with it (h/t Taylor Hornby for his 10-minute audit).

Their readme claims to encrypt cookie data, but this is moot since they're
using AES-CBC without any authentication. You just need 256 (128 on
average) tries per byte to change it to a valid value. Since the client
controls session state, you get unlimited tries.

After a lengthy discussion, I wrote a patch that replaced the serialization
with JSON encoding and closed one hole, but there are undoubtedly plenty
more that remain.
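As an added illustration (this is not Slim's code and not the patch referred to above), here is what a cookie codec built the way this advisory argues for looks like in PHP: JSON instead of serialize()/unserialize(), and AES-CBC wrapped in an HMAC (encrypt-then-MAC) so that a modified ciphertext is rejected before anything is decrypted. The function names, the two-key split, and the wire layout are assumptions of this example, not the framework's API.

```php
<?php
// Added example, not Slim's code: cookie data as JSON, AES-256-CBC, then
// HMAC-SHA256 over IV+ciphertext (encrypt-then-MAC). Decoding checks the MAC
// in constant time before decrypting and uses json_decode(), never
// unserialize(). Function names, key split and layout are assumptions.

function cookie_encode(array $data, string $encKey, string $macKey): string
{
    $iv = random_bytes(16);
    $plaintext = json_encode($data, JSON_THROW_ON_ERROR);
    $ciphertext = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ciphertext === false) {
        throw new RuntimeException('encryption failed');
    }
    $mac = hash_hmac('sha256', $iv . $ciphertext, $macKey, true);
    return base64_encode($mac . $iv . $ciphertext); // layout: MAC(32) | IV(16) | CT
}

function cookie_decode(string $cookie, string $encKey, string $macKey): ?array
{
    $raw = base64_decode($cookie, true);
    if ($raw === false || strlen($raw) < 32 + 16 + 16) {
        return null; // malformed: cannot hold MAC, IV and one cipher block
    }
    $mac = substr($raw, 0, 32);
    $iv = substr($raw, 32, 16);
    $ciphertext = substr($raw, 48);
    $expected = hash_hmac('sha256', $iv . $ciphertext, $macKey, true);
    if (!hash_equals($expected, $mac)) {
        return null; // tampered or wrong key: reject before touching the ciphertext
    }
    $plaintext = openssl_decrypt($ciphertext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($plaintext === false) {
        return null;
    }
    $data = json_decode($plaintext, true);
    return is_array($data) ? $data : null;
}

// Demo with constructed keys; in practice derive two keys from one app secret.
$encKey = hash('sha256', 'enc|example-secret', true);
$macKey = hash('sha256', 'mac|example-secret', true);
$cookie = cookie_encode(['user_id' => 42, 'role' => 'user'], $encKey, $macKey);
var_dump(cookie_decode($cookie, $encKey, $macKey));

// Corrupt one ciphertext byte: the MAC check fails and nothing is decrypted.
$raw = base64_decode($cookie);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 0x01);
var_dump(cookie_decode(base64_encode($raw), $encKey, $macKey));
```

The first var_dump prints the decoded array and the second prints NULL; the decoder never reaches openssl_decrypt() for the modified cookie, which is the property the unauthenticated CBC code lacked.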

======================================================================
Vulnerable code:

https://github.com/slimphp/Slim/blob/3a2ac723f17b5d81607287ff28575d38b9fbc70e/Slim/Middleware/SessionCookie.php#L127

If you are using the Slim framework, you might not be vulnerable. If you
were using the session cookie feature (which limits the amount of data you
can store in $_SESSION to under 4 KB) on Slim 2.5.0 or older, you are
vulnerable. Upgrade to 2.6.0 immediately.
======================================================================

Speaking from personal experience, PHP developers catch a lot of flak from
the infosec community, and some of us don't really deserve it. It's
actually quite obnoxious.

That said, the owner of the Slim framework is also the author of PHP: The
Right Way. I'm a little disappointed that something so obvious would be
found in one of his projects. (Next thing you know, someone is going to
find a remotely exploitable vulnerability in Symfony, or something!) Silver
lining: he rolled out a new version the same day it was reported.

I only discovered this because someone complained that an Anti-CSRF library
wouldn't work with Slim. I'll leave the thought of "how many people could
have seen this and not reported it so they could silently exploit it for
fun and profit?" to your imagination since I have no data on this.

TL;DR - Slim users should upgrade to 2.6.0 as soon as possible. Developers
should stop using unserialize() on user input, and stop rolling out their
own cryptography libraries. Also, encryption is not authentication. Go play
with the Matasano Crypto Challenges for more on "unauthenticated CBC mode
is not secure".

Thank you and good night.

Scott Arciszewski

P.S. If anyone is interested in learning more about writing secure PHP
code, the http://www.securingphp.com newsletter is great. I highly
recommend it.

