Details
-
Bug
-
Resolution: Fixed
-
High
-
2.2.3, 2.3.2, 2.5.0, 2.4.2
-
None
-
[3.0] - Sprint 1
Description
My security spiderman senses react to this code in 2.5 (it's the same in older versions, only moved to a new location in 2.5)
https://github.com/ezsystems/ezplatform-user/blob/v1.0.0/src/bundle/Controller/PasswordResetController.php#L234
General concerns:
- MD5 hashes are very weak and should be avoided for security related code.
- microtime(true) does not necessarily give you microseconds. Default float precision used to be 12, which would give 0.01 sec precision. Now it's 14, which is better, but still not quite microsecond accuracy. 16 would be better. We don't know what precision is used in any installation unless we specifically check it.
- Logically it seems wrong to use the user email here, since several accounts can have the same email. User login would be the proper thing to use, if anything. It is also not good from an information disclosure point of view.
Vulnerability
Depending on PHP configuration and site setup, it may be easy to moderately easy to brute force the password reset hash.
Possible remedies:
Use a stronger hash, like password_hash. We are limited by db column length (32) here, but we can still use far stronger hashes than md5.Skipped the hash entirely, no point in hashing hex-encoded random bytes.- Use random_bytes rather than current time.
- Don't use the email here, or any other user specific info. With random_bytes we don't need it.
Limit the lifetime of the hash, if not already done.It's done, 1 hour by default, can be reduced.