Improper use of random module

Bug #1071067 reported by David Glick on 2012-10-24
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Zope 2
Undecided
Unassigned

Bug Description

Christian Heimes made the following report to the Plone security team:

---

Hello,

yesterday a security researcher claimed on the Python bug tracker that
he had found a security issue in Python's random module which affects
several Python web frameworks [1]. He stated that the deterministic
results of the random module can lead to breach in security. The
ticket was closed by me after we explained that the random module is
deliberately designed to create deterministic and thus predictable
random value. Its Mersenne-Twister creates statistically well
distributed numbers and not cryptographically strong random data.

In other words the random module is not a CPRNG [2] and must not be
used for any crypto and security related usage. random.SystemRandom is
only the exception to the rule as it uses os.urandom() as PRNG source.
os.urandom() is suitable for most cryptographic purposes except for
long-lived data like SSL certs.

Plone, Zope, Paste and possible other 3rd party components are using
the random module where a CPRNG is required. I suggest that you modify
your code and replace the random module with either an instance of
random.SystemRandom or os.urandom(). Improper use for the random
module are for example:

    password creation
    salt
    session keys
    digest auth
    non-deterministic ids (e.g. uuid, etags)

os.urandom() may not be available on some systems and raise
NotImplementedError. The Django and CherryPy sources contain good
examples how to deal with it.

Regards
Christian

---

In Zope2, at least AccessControl.AuthEncoding and Products.Sessions.BrowserIdManager should probably be updated to use SystemRandom when available.

CVE References

Hanno Schlichting (hannosch) wrote :

The attached patch is for Zope 2.12 for the browser id manager and auth encoding usage of random. For good measure I also put in a constant time comparison function. The code is basically a copy of django.utils.crypto.

Locally I've already prepared the code for all the other branches and the standalone AccessControl library. Unless someone wants me to hold back those fixes, I'll release them tomorrow on Tuesday Oct 30 in new releases of all the projects.

David Glick (davisagli) wrote :

The Plone security team is planning to release a patch for some related issues in Plone on Tues, Nov. 6.

Changed in zope2:
milestone: none → 2.13.19
status: New → Fix Released
Tres Seaver (tseaver) on 2012-11-15
information type: Private Security → Public Security
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers