Insecure Randomness for encryption keys – (miniOrange <= 5.5.82)

Affected pluginminiOrange
Active installs20,000+
Vulnerable version<= 5.5.82
Audited version5.5.82
Fully patched version
Recommended remediationRemoval of the plugin

Description


The plugin uses a non-randomly-generated, eight-character string as OpenSSL encryption keys.

Proof of concept


The plugin uses OpenSSL to encrypt users’ TOTP secret keys in the database.

function mo_GAuth_set_secret($user_id,$secret){
  global $Mo2fdbQueries;
  $key=$this->random_str(8);
  update_user_meta( $user_id, 'mo2f_get_auth_rnd_string', $key);

  // EDITOR: $key is ultimately passed into openssl_encrpyt. 
  $secret=mo2f_GAuth_AESEncryption::encrypt_data_ga($secret,$key);
  update_user_meta( $user_id, 'mo2f_gauth_key', $secret);
}

The implementation of “random_str” uses PHP’s “rand” function, which is unacceptable in any cryptographic context.

function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
{
    $randomString = '';
    $charactersLength = strlen($keyspace);
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $keyspace[rand(0, $charactersLength - 1)];
    }
    return $randomString;
}

Caution

This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using random_int(), random_bytes(), or openssl_random_pseudo_bytes() instead.

https://www.php.net/manual/en/function.rand.php

Proposed patch


Use PHP’s random_int() function instead of rand to generate a “truly” random integer.

Timeline


Vendor contactedSeptember 12, 2022
First ResponseSeptember 16, 2022
Fully patched at
Publicly disclosedApril 24, 2023

Miscellaneous


Leave a Reply

Your email address will not be published. Required fields are marked *