Strengthen the non-cryptographically random generated tokens
Bug #1930171 reported by Robert Lyon
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Mahara | Fix Released | High | Unassigned | |
| 20.10 | Fix Released | High | Unassigned | |
| 21.04 | Fix Released | High | Unassigned | |
| 21.10 | Fix Released | High | Unassigned | |
| 22.04 | Fix Released | High | Unassigned | |
Bug Description
In Mahara we have a CSRF token called 'sesskey' which is generated in an old style guessable way.
We need to update this to do the following:
1) Make the token more random by using random_int(), which generates cryptographically secure pseudo-random integers
2) Rename 'sesskey' to avoid confusion between this token and the actual session key; it needs to change to a more obscure / generic name
3) Look at putting the CSRF token in the custom headers space rather than in a form field, to avoid having it exposed in GET URLs etc.
4) Make sure all the places we use get_random_key() are changed to the more secure way
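The following is an added illustration, not Mahara's code: a constructed stand-in for a non-cryptographic key generator built on mt_rand() next to a hardened version built on random_int(), plus a header-based, constant-time CSRF check as sketched in points 1 and 3. The header name X-CSRF-Token and the function names are assumptions.

```php
<?php
declare(strict_types=1);

const KEY_ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// Constructed weak pattern (NOT Mahara's get_random_key()): mt_rand() is a
// Mersenne Twister. It is fast but not a CSPRNG, so its internal state, and
// therefore future tokens, can be reconstructed from enough observed output.
function weak_random_key(int $length = 16): string {
    $key = '';
    $max = strlen(KEY_ALPHABET) - 1;
    for ($i = 0; $i < $length; $i++) {
        $key .= KEY_ALPHABET[mt_rand(0, $max)];
    }
    return $key;
}

// Hardened form: random_int() draws from the OS CSPRNG and is unbiased over
// the requested range, so each character is independent and unpredictable.
// 32 characters of a 62-symbol alphabet gives roughly 190 bits of entropy.
function secure_random_key(int $length = 32): string {
    $key = '';
    $max = strlen(KEY_ALPHABET) - 1;
    for ($i = 0; $i < $length; $i++) {
        $key .= KEY_ALPHABET[random_int(0, $max)];
    }
    return $key;
}

// Point 3: read the token from a custom request header instead of a form
// field so it never lands in a GET URL, and compare with hash_equals() so the
// comparison itself does not leak timing information about the stored value.
function csrf_token_valid(array $server, string $expected): bool {
    // PHP exposes the header "X-CSRF-Token" (hypothetical name) as HTTP_X_CSRF_TOKEN.
    $supplied = $server['HTTP_X_CSRF_TOKEN'] ?? '';
    return $supplied !== '' && hash_equals($expected, $supplied);
}

// Demo on constructed values: a token issued at login and two requests.
$token = secure_random_key();
$goodRequest = ['HTTP_X_CSRF_TOKEN' => $token];
$badRequest  = ['HTTP_X_CSRF_TOKEN' => weak_random_key()];
echo 'issued token:      ', $token, PHP_EOL;
echo 'matching request:  ', csrf_token_valid($goodRequest, $token) ? 'accepted' : 'rejected', PHP_EOL;
echo 'guessed token:     ', csrf_token_valid($badRequest, $token) ? 'accepted' : 'rejected', PHP_EOL;
```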
CVE References
no longer affects: mahara/20.04
information type: Private Security → Public Security
Related to https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-29349 but is specifically looking at the random token generator
Vulnerability type: CSRF
Attack type: Physical?
Impact: Information disclosure, other
Affected components: Non-cryptographically random generated tokens are too easily guessable. They should be rendered in a cryptographical way. The current function to generate random keys is not random enough.
Suggested description: Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.
Reported by: Catalyst IT
Bug report: https://bugs.launchpad.net/mahara/+bug/1930171
CVE reference: CVE-2022-28892 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28892