what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

joomla-weakpassword.txt

joomla-weakpassword.txt
Posted Sep 11, 2008
Authored by Stefan Esser | Site sektioneins.de

Joomla versions 1.5.7 and below suffer form a weak random password reset token vulnerability.

tags | advisory
SHA-256 | f3a05de176b98357326a615c8a735e3cceca49d45366d2ac92f9ebe2230f981f

joomla-weakpassword.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


SektionEins GmbH
www.sektioneins.de

-= Security Advisory =-


Advisory: Joomla Weak Random Password Reset Token Vulnerability
Release Date: 2008/09/11
Last Modified: 2008/09/11
Author: Stefan Esser [stefan.esser[at]sektioneins.de]

Application: Joomla <= 1.5.7
Severity: Usage of mt_rand() and mt_srand() for generation
of cryptographic secrets like random password
reset tokens
Risk: High
Vendor Status: Vendor has released a partially fixed Joomla 1.5.7
Reference: http://www.sektioneins.de/advisories/SE-2008-04.txt
http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/


Overview:

Quote from http://www.joomla.org
"Joomla is an award-winning content management system (CMS), which
enables you to build Web sites and powerful online applications.
Many aspects, including its ease-of-use and extensibility, have
made Joomla the most popular Web site software available."

During an analysis of the password reset vulnerability fixed in
Joomla 1.5.6 we realized that Joomla does not only generate random
password reset tokens with mt_rand(), which is not secure enough
for cryptographic secrets anyway, but additionally initializes the
PRNG with a weak seed that results in less than 1.000.000 possible
password reset tokens.

Because there are only 1.000.000 possible password reset tokens an
attacker can trigger a reset of the admin password and then try out
all possible password reset tokens until he finds the correct one.
Even with a home DSL line (as used in germany) breaking into the
admin account should be possible in less than 3 hours. However
attackers are usually bouncing over much faster hosts.

In response to our report Joomla 1.5.7 was released (without sharing
the patch with us prior the release) which replaces the very weak PRNG
seeding with a new seed that is about 2^32 in strength. While this
stops the simple brute forcing attack Joomla's password reset token
is still vulnerable to mt_rand() leak attacks and because Joomla still
seeds the PRNG with mt_srand() it is a potential threat to other PHP
applications or plugins using mt_rand() on the same server.


Details:

The problems arising from using mt_(s)rand for cryptographic secrets
and possible attacks against PHP's PRNG and PHP applications using it
are explained by the blog post "mt_(s)rand and not so random numbers"
which is available here:

http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/


Proof of Concept:

SektionEins GmbH is not going to release a proof of concept
exploit for this vulnerability.


Disclosure Timeline:

15. Aug 2008 - Sent notification to Joomla about the vulnerability
20. Aug 2008 - Resent notification because no reply from Joomla
20. Aug 2008 - Received confirmation
21. Aug 2008 - Received a forwarded message from vendor-sec discussing
the vulnerability - obviously Joomla shared our report
with vendor-sec without asking or notifying us.
21. Aug 2008 - In a reply to the forwarded message we recommended NOT
TO USE mt_srand for the password reset
03. Sep 2008 - On Joomla.org appears a blog post notifying their users
that they should upgrade to Joomla 1.5.6 immediately
because of security issues with the password reset
09. Sep 2008 - The Joomla Development Team releases Joomla 1.5.7
without telling us about this or consulting us to review
their patch
11. Sep 2008 - Public Disclosure after learning about the new
Joomla 1.5.7 in the media


Recommendation:

It is recommended to upgrade not only to the latest version of Joomla
which also fixes additional vulnerabilities reported by third parties,
but also to install the Suhosin PHP extension, which comes with a
generic protection against mt_(s)rnad vulnerabilities.

Upgrading only Joomla does not fix the whole problem.

Grab your copies at:

http://www.joomla.org
http://www.suhosin.org


CVE Information:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
not assigned a name to this vulnerability yet.


GPG-Key:

pub 1024D/15ABDA78 2004-10-17 Stefan Esser <stefan.esser@sektioneins.de>
Key fingerprint = 7806 58C8 CFA8 CE4A 1C2C 57DD 4AE1 795E 15AB DA78


Copyright 2008 SektionEins GmbH. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkjJLHkACgkQSuF5XhWr2njUYQCgq+5P1O+7llh32KXcCHqdQ/C4
QWoAoJGF6jt3rDyNM3ESDlfUA/NxW3f9
=AA3y
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close