github
/
phpservermon
mirror of https://github.com/phpservermon/phpservermon
1
0
Fork 0
Code Issues Releases Wiki Activity

SECURITY: Replaced mt_rand with random_bytes 

https://huntr.dev/bounties/2-phpservermon/phpservermon/
CWE-1241: Use of Predictable Algorithm in Random Number Generator
pull/1133/head
Tim Zandbergen 2021-06-23 22:06:34 +02:00
parent bb10a5f3c6
commit 3daa804d5f
No known key found for this signature in database
GPG Key ID: 4D8268DC68E8339D
3 changed files with 26 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/includes/psmconfig.inc.php
View File

@ -30,7 +30,7 @@
/** /**
* Current PSM version * Current PSM version
*/ */
define('PSM_VERSION', '3.6.0.beta2'); define('PSM_VERSION', '3.6.0');
/** /**
* URL to check for updates. Will not be checked if turned off on config page. * URL to check for updates. Will not be checked if turned off on config page.

4
src/psm/Service/User.php
View File

@ -390,8 +390,8 @@ class User
} }
// generate timestamp (to see when exactly the user (or an attacker) requested the password reset mail) // generate timestamp (to see when exactly the user (or an attacker) requested the password reset mail)
$temporary_timestamp = time(); $temporary_timestamp = time();
// generate random hash for email password reset verification (40 char string) // generate random hash for email password reset verification (64 char string)
$user_password_reset_hash = sha1(uniqid(mt_rand(), true)); $user_password_reset_hash = hash('sha256', uniqid(random_bytes(64), true));
$query_update = $this->db_connection->prepare('UPDATE ' . $query_update = $this->db_connection->prepare('UPDATE ' .
PSM_DB_PREFIX . 'users SET password_reset_hash = :user_password_reset_hash, PSM_DB_PREFIX . 'users SET password_reset_hash = :user_password_reset_hash,

5
src/psm/Util/Install/Installer.php
View File

@ -212,7 +212,7 @@ class Installer
`user_id` int(11) unsigned NOT NULL AUTO_INCREMENT, `user_id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`user_name` varchar(64) NOT NULL COMMENT 'user''s name, unique', `user_name` varchar(64) NOT NULL COMMENT 'user''s name, unique',
`password` varchar(255) NOT NULL COMMENT 'user''s password in salted and hashed format', `password` varchar(255) NOT NULL COMMENT 'user''s password in salted and hashed format',
`password_reset_hash` char(40) DEFAULT NULL COMMENT 'user''s password reset code', `password_reset_hash` varchar(64) DEFAULT NULL COMMENT 'user''s password reset code',
`password_reset_timestamp` bigint(20) DEFAULT NULL COMMENT 'timestamp of the password reset request', `password_reset_timestamp` bigint(20) DEFAULT NULL COMMENT 'timestamp of the password reset request',
`rememberme_token` varchar(64) DEFAULT NULL COMMENT 'user''s remember-me cookie token', `rememberme_token` varchar(64) DEFAULT NULL COMMENT 'user''s remember-me cookie token',
`level` tinyint(2) unsigned NOT NULL DEFAULT '20', `level` tinyint(2) unsigned NOT NULL DEFAULT '20',
@ -732,6 +732,7 @@ class Installer
/** /**
* Patch for v3.6.0 release * Patch for v3.6.0 release
* Added support for Discord and webhooks * Added support for Discord and webhooks
* Password_reset_hash varchar 40 -> 64 to allow for SHA256 hash
*/ */
protected function upgrade360() protected function upgrade360()
{ {
@ -758,6 +759,8 @@ class Installer
$queries[] = "INSERT INTO `" . PSM_DB_PREFIX . "users` ( $queries[] = "INSERT INTO `" . PSM_DB_PREFIX . "users` (
`user_name`, `level`, `name`, `email`) `user_name`, `level`, `name`, `email`)
VALUES ('__PUBLIC__', 30, 'Public page', 'publicpage@psm.psm')"; VALUES ('__PUBLIC__', 30, 'Public page', 'publicpage@psm.psm')";
$queries[] = "ALTER TABLE `" . PSM_DB_PREFIX . "users`
CHANGE `password_reset_hash` `password_reset_hash` VARCHAR( 64 ) DEFAULT NULL COMMENT 'user''s password reset code';";
$this->execSQL($queries); $this->execSQL($queries);
$this->log('Public page is now available. Added user \'__PUBLIC__\'. See documentation for more info.'); $this->log('Public page is now available. Added user \'__PUBLIC__\'. See documentation for more info.');