Joomla Weak Random Password Reset Token Vulnerability
11 Sep. 2008
"Joomla is an award-winning content management system (CMS), which enables you to build Web sites and powerful online applications. Many aspects, including its ease-of-use and extensibility, have made Joomla the most popular Web site software available."
During an analysis of the password reset vulnerability fixed in Joomla 1.5.6 we realized that Joomla does not only generate random password reset tokens with mt_rand(), which is not secure enough for cryptographic secrets anyway, but additionally initializes the PRNG with a weak seed that results in less than 1.000.000 possible password reset tokens.
Because there are only 1.000.000 possible password reset tokens an attacker can trigger a reset of the admin password and then try out all possible password reset tokens until he finds the correct one. Even with a home DSL line (as used in germany) breaking into the admin account should be possible in less than 3 hours. However attackers are usually bouncing over much faster hosts.
In response to our report Joomla 1.5.7 was released (without sharing the patch with us prior the release) which replaces the very weak PRNG seeding with a new seed that is about 2^32 in strength. While this stops the simple brute forcing attack Joomla's password reset token is still vulnerable to mt_rand() leak attacks and because Joomla still seeds the PRNG with mt_srand() it is a potential threat to other PHP applications or plugins using mt_rand() on the same server.
Proof of Concept:
SektionEins GmbH is not going to release a proof of concept exploit for this vulnerability.
15. Aug 2008 - Sent notification to Joomla about the vulnerability
20. Aug 2008 - Resent notification because no reply from Joomla
20. Aug 2008 - Received confirmation
21. Aug 2008 - Received a forwarded message from vendor-sec discussing the vulnerability - obviously Joomla shared our report with vendor-sec without asking or notifying us.
21. Aug 2008 - In a reply to the forwarded message we recommended NOT TO USE mt_srand for the password reset
03. Sep 2008 - On Joomla.org appears a blog post notifying their users that they should upgrade to Joomla 1.5.6 immediately because of security issues with the password reset
09. Sep 2008 - The Joomla Development Team releases Joomla 1.5.7 without telling us about this or consulting us to review their patch
11. Sep 2008 - Public Disclosure after learning about the new Joomla 1.5.7 in the media
It is recommended to upgrade not only to the latest version of Joomla which also fixes additional vulnerabilities reported by third parties, but also to install the Suhosin PHP extension, which comes with a generic protection against mt_(s)rnad vulnerabilities.
Upgrading only Joomla does not fix the whole problem.