2011-06-01 10:48:19 |
David |
bug |
|
|
added bug |
2011-06-01 10:55:43 |
David |
description |
Binary package hint: cherokee
cherokee seeds srand local user known inputs (the ~time and the pid of the admin process) and then uses rand() to generate a random password.
This is not safe. A evil local user guess the generated password within < ~200 attempts.
Vulnerable code:
static ret_t
generate_admin_password (cherokee_buffer_t *buf)
{
cuint_t i;
cuint_t n;
srand(getpid()*time(NULL));
for (i=0; i<PASSWORD_LEN; i++) {
n = rand()%(sizeof(ALPHA_NUM)-1);
cherokee_buffer_add_char (buf, ALPHA_NUM[n]);
}
return ret_ok;
} |
Binary package hint: cherokee
cherokee seeds srand local user known inputs (the ~time and the pid of the admin process) and then uses rand() to generate a random password.
This is not safe. An evil local user can guess the generated password within < ~200 attempts.
Vulnerable code:
static ret_t
generate_admin_password (cherokee_buffer_t *buf)
{
cuint_t i;
cuint_t n;
srand(getpid()*time(NULL));
for (i=0; i<PASSWORD_LEN; i++) {
n = rand()%(sizeof(ALPHA_NUM)-1);
cherokee_buffer_add_char (buf, ALPHA_NUM[n]);
}
return ret_ok;
} |
|
2011-06-01 10:57:23 |
David |
description |
Binary package hint: cherokee
cherokee seeds srand local user known inputs (the ~time and the pid of the admin process) and then uses rand() to generate a random password.
This is not safe. An evil local user can guess the generated password within < ~200 attempts.
Vulnerable code:
static ret_t
generate_admin_password (cherokee_buffer_t *buf)
{
cuint_t i;
cuint_t n;
srand(getpid()*time(NULL));
for (i=0; i<PASSWORD_LEN; i++) {
n = rand()%(sizeof(ALPHA_NUM)-1);
cherokee_buffer_add_char (buf, ALPHA_NUM[n]);
}
return ret_ok;
} |
Binary package hint: cherokee
cherokee seeds srand with a combination of the ~time and the pid of the admin process, after which rand() is called to generate a random password.
This is not safe. An evil local user can guess the generated password within < ~200 attempts.
Vulnerable code:
static ret_t
generate_admin_password (cherokee_buffer_t *buf)
{
cuint_t i;
cuint_t n;
srand(getpid()*time(NULL));
for (i=0; i<PASSWORD_LEN; i++) {
n = rand()%(sizeof(ALPHA_NUM)-1);
cherokee_buffer_add_char (buf, ALPHA_NUM[n]);
}
return ret_ok;
} |
|
2011-06-01 10:57:58 |
David |
description |
Binary package hint: cherokee
cherokee seeds srand with a combination of the ~time and the pid of the admin process, after which rand() is called to generate a random password.
This is not safe. An evil local user can guess the generated password within < ~200 attempts.
Vulnerable code:
static ret_t
generate_admin_password (cherokee_buffer_t *buf)
{
cuint_t i;
cuint_t n;
srand(getpid()*time(NULL));
for (i=0; i<PASSWORD_LEN; i++) {
n = rand()%(sizeof(ALPHA_NUM)-1);
cherokee_buffer_add_char (buf, ALPHA_NUM[n]);
}
return ret_ok;
} |
Binary package hint: cherokee
cherokee seeds srand with a combination of the time and the pid of the admin process, after which rand() is called to generate a random password.
This is not safe. An evil local user can guess the generated password within < ~200 attempts.
Vulnerable code:
static ret_t
generate_admin_password (cherokee_buffer_t *buf)
{
cuint_t i;
cuint_t n;
srand(getpid()*time(NULL));
for (i=0; i<PASSWORD_LEN; i++) {
n = rand()%(sizeof(ALPHA_NUM)-1);
cherokee_buffer_add_char (buf, ALPHA_NUM[n]);
}
return ret_ok;
} |
|
2011-06-01 11:01:31 |
David |
description |
Binary package hint: cherokee
cherokee seeds srand with a combination of the time and the pid of the admin process, after which rand() is called to generate a random password.
This is not safe. An evil local user can guess the generated password within < ~200 attempts.
Vulnerable code:
static ret_t
generate_admin_password (cherokee_buffer_t *buf)
{
cuint_t i;
cuint_t n;
srand(getpid()*time(NULL));
for (i=0; i<PASSWORD_LEN; i++) {
n = rand()%(sizeof(ALPHA_NUM)-1);
cherokee_buffer_add_char (buf, ALPHA_NUM[n]);
}
return ret_ok;
} |
Binary package hint: cherokee
cherokee seeds srand with a combination of the time and the pid of the admin process, after which rand() is called to generate a random password.
This is not safe. An evil local user can guess the generated password within ~200 attempts.
Vulnerable code:
static ret_t
generate_admin_password (cherokee_buffer_t *buf)
{
cuint_t i;
cuint_t n;
srand(getpid()*time(NULL));
for (i=0; i<PASSWORD_LEN; i++) {
n = rand()%(sizeof(ALPHA_NUM)-1);
cherokee_buffer_add_char (buf, ALPHA_NUM[n]);
}
return ret_ok;
} |
|
2011-06-01 15:48:34 |
David |
visibility |
private |
public |
|
2011-06-03 15:25:42 |
Jamie Strandboge |
cherokee (Ubuntu): status |
New |
Triaged |
|
2011-06-03 16:03:57 |
Jamie Strandboge |
bug watch added |
|
http://code.google.com/p/cherokee/issues/detail?id=1212 |
|
2011-06-03 16:03:57 |
Jamie Strandboge |
bug task added |
|
cherokee |
|
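As an added example (not cherokee's code, and not part of the bug report), a hardened replacement for the generate_admin_password() routine quoted in the description: it draws bytes from the kernel CSPRNG via /dev/urandom instead of srand(getpid()*time(NULL)) followed by rand(), so the password no longer depends on a (pid, time) pair a local user can narrow down, and it uses rejection sampling so every symbol of ALPHA_NUM is equally likely. The alphabet matches the one cherokee uses; PASSWORD_LEN = 16 and the function names are assumptions.

```c
#include <string.h>
#include <fcntl.h>
#include <unistd.h>

/* Same alphabet as cherokee's ALPHA_NUM; PASSWORD_LEN is assumed (not on the page). */
#define ALPHA_NUM    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
#define PASSWORD_LEN 16
#define NSYM         (sizeof(ALPHA_NUM) - 1)   /* 62 symbols */

/* 248: largest multiple of NSYM in a byte; reject b >= it so b % NSYM is uniform (rand() % 62 is biased). */
static unsigned reject_limit(void) { return 256u - (256u % NSYM); }

/* Read exactly n bytes from the kernel CSPRNG (getrandom(2) is the modern alternative); 0 on success, -1 on failure. */
static int read_urandom(unsigned char *out, size_t n)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    for (size_t got = 0; got < n; ) {
        ssize_t r = read(fd, out + got, n - got);
        if (r <= 0) { close(fd); return -1; }
        got += (size_t) r;
    }
    close(fd);
    return 0;
}

/* Hardened replacement: no srand()/rand(), so the result does not depend on the guessable (pid, time) pair. buf holds len + 1 bytes; returns 0 / -1. */
static int generate_admin_password_safe(char *buf, size_t len)
{
    unsigned char pool[64];
    size_t pi = sizeof pool, i = 0;             /* pi == sizeof pool forces a refill */
    while (i < len) {
        if (pi == sizeof pool) { if (read_urandom(pool, sizeof pool) != 0) return -1; pi = 0; }
        unsigned char b = pool[pi++];
        if (b >= reject_limit()) continue;      /* rejection sampling keeps the draw uniform */
        buf[i++] = ALPHA_NUM[b % NSYM];
    }
    buf[len] = '\0';
    return 0;
}

/* Self-check: two fresh passwords are well-formed and differ. Returns 1 if so, 0 otherwise. */
static int selfcheck(void)
{
    char a[PASSWORD_LEN + 1], b[PASSWORD_LEN + 1];
    if (generate_admin_password_safe(a, PASSWORD_LEN) != 0) return 0;
    if (generate_admin_password_safe(b, PASSWORD_LEN) != 0) return 0;
    return strlen(a) == PASSWORD_LEN && strspn(a, ALPHA_NUM) == PASSWORD_LEN && strcmp(a, b) != 0;
}
```

With 62 symbols and 16 positions the keyspace is 62^16, whereas the original's keyspace is bounded by the number of distinct seeds, which is what makes the ~200-attempt figure in the report possible.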