Impact
Tokens used in the password reset feature of Time Tracker are derived from the system time and are therefore predictable. This opens a window for brute-force attacks that guess a user's token and, once successful, change that user's password, including that of a system administrator.
Patches
Patched in version 1.19.24.5415 (switched to more secure tokens), with an additional improvement in 1.19.24.5416 (limited the window available for brute-force token guessing).
Workarounds
Upgrading is recommended. If that is not practical, update the password_reset.php file in the root of the Time Tracker source code tree as follows:
Replace line 49:
$temp_ref = md5(uniqid());
with the following code:
$cryptographically_strong = true;
// The second argument is passed by reference and set to whether the bytes
// actually came from a cryptographically strong source.
$random_bytes = openssl_random_pseudo_bytes(16, $cryptographically_strong);
if ($random_bytes === false || !$cryptographically_strong) die ("openssl_random_pseudo_bytes function call failed...");
$temp_ref = bin2hex($random_bytes); // 32 hex characters, 128 bits of entropy
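The two fixes the advisory describes, a CSPRNG-derived token and a bounded window in which it can be used, combined in one reset-token routine. This is an added example and not Time Tracker's code: the array standing in for the user table, the 900 second TTL and the function names are assumptions, and random_bytes() assumes PHP 7 or later.

```php
<?php
// Added example, not Time Tracker's code. $store stands in for the user table;
// RESET_TOKEN_TTL and the function names are assumptions for this example.

const RESET_TOKEN_TTL = 900; // seconds a reset token stays valid (assumed)

function issue_reset_token(array &$store, string $login, int $now): string
{
    // 128 bits from the OS CSPRNG (PHP 7+). Unlike md5(uniqid()), the value is
    // not a function of the clock, so knowing when a reset was requested does
    // not narrow down the token.
    $token = bin2hex(random_bytes(16));
    $store[$login] = [
        'token_hash' => hash('sha256', $token), // a DB leak must not expose live tokens
        'expires'    => $now + RESET_TOKEN_TTL,  // bounded guessing window
    ];
    return $token; // only ever placed in the reset e-mail
}

function verify_reset_token(array &$store, string $login, string $token, int $now): bool
{
    if (!isset($store[$login])) {
        return false;
    }
    $rec = $store[$login];
    if ($now > $rec['expires']) {
        unset($store[$login]); // expired: remove it so it cannot be guessed later
        return false;
    }
    // Constant-time comparison: an ordinary string compare would leak how many
    // leading characters of a guess were right.
    if (!hash_equals($rec['token_hash'], hash('sha256', $token))) {
        return false;
    }
    unset($store[$login]); // single use: a consumed token cannot be replayed
    return true;
}

// Walk through the cases a reset handler has to get right.
$store = [];
$now   = time();
$t1    = issue_reset_token($store, 'admin', $now);
var_dump(verify_reset_token($store, 'admin', 'not-the-token', $now));            // wrong token
var_dump(verify_reset_token($store, 'admin', $t1, $now + RESET_TOKEN_TTL + 1));  // expired
$t2 = issue_reset_token($store, 'admin', $now);
var_dump(verify_reset_token($store, 'admin', $t2, $now + 60));                   // valid, inside window
var_dump(verify_reset_token($store, 'admin', $t2, $now + 60));                   // already consumed
```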
References
Some more information is here.
For more information
If you have any questions or comments about this advisory: