CVE-2022-28892: Bug #1930171 “Strengthen the non-cryptographically random generated tokens” (Mahara)
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.
Strengthen the non-cryptographically random generated tokens
Bug #1930171 reported by Robert Lyon on 2021-05-30
Affects   Status                   Importance  Assigned to  Milestone
Mahara    Status tracked in 22.04
20.10     Fix Released             High        Unassigned   Mahara 20.10.5
21.04     Fix Released             High        Unassigned   Mahara 21.04.4
21.10     Fix Released             High        Unassigned   Mahara 21.10.2
22.04     Fix Released             High        Unassigned   Mahara 22.04.0
Bug Description
In Mahara we have a CSRF token called ‘sesskey’ which is generated in an old-style, guessable way.
We need to update this to do the following:
Make the token more random by using random_int(), which generates cryptographically secure pseudo-random integers.
Rename ‘sesskey’ to avoid confusion between this token and the actual session key; it needs to change to some more obscure / generic name.
Look at making the CSRF token live in the custom headers space rather than as a form field, to avoid having it exposed in GET URLs etc.
Make sure all the places we use get_random_key() are changed to the more secure way.
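The following is an added example, written for this page and not Mahara's own code, showing the shape of the change the report asks for: an "old-style" alphanumeric token built from mt_rand() beside the same generator rebuilt on random_int(), a constant-time check, and token delivery via a custom request header instead of a form field. The token alphabet, the header name X-CSRF-Token, and the function names get_random_key_weak, get_random_key_secure, csrf_token_valid and csrf_token_from_request are assumptions made for the example; Mahara's real get_random_key() may differ in alphabet and length.

```php
<?php
// Added example, not Mahara's code. Alphabet, lengths and function names are
// assumptions; only the PHP built-ins (mt_rand, random_int, random_bytes,
// hash_equals) are real APIs.

const TOKEN_ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// "Old style": mt_rand() is a Mersenne Twister. It is not designed to resist
// prediction, and its internal state can be reconstructed from observed
// outputs, so a token assembled from it is guessable by someone who has seen
// enough earlier tokens. This is the weak pattern the bug is about.
function get_random_key_weak(int $length = 16): string {
    $max = strlen(TOKEN_ALPHABET) - 1;
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        $key .= TOKEN_ALPHABET[mt_rand(0, $max)];
    }
    return $key;
}

// Hardened: random_int() draws from the OS CSPRNG and returns a uniformly
// distributed integer in [0, $max]. Same alphabet and length, so call sites
// and any stored tokens keep their shape; only the randomness source changes.
function get_random_key_secure(int $length = 16): string {
    $max = strlen(TOKEN_ALPHABET) - 1;
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        $key .= TOKEN_ALPHABET[random_int(0, $max)];
    }
    return $key;
}

// Alternative when the token need not be alphanumeric: raw CSPRNG bytes,
// hex-encoded. 16 bytes gives 128 bits of entropy in a 32-character string.
function get_csrf_token_hex(): string {
    return bin2hex(random_bytes(16));
}

// Verify with hash_equals() so comparison time does not depend on how many
// leading characters the attacker got right.
function csrf_token_valid(string $expected, ?string $supplied): bool {
    return $supplied !== null && hash_equals($expected, $supplied);
}

// Prefer a custom request header (assumed name X-CSRF-Token, seen by PHP as
// HTTP_X_CSRF_TOKEN), falling back to a POST field. A header value does not
// end up in a GET URL, browser history or Referer, and a cross-origin HTML
// form cannot attach custom headers at all.
function csrf_token_from_request(
    array $server,
    array $post,
    string $header = 'HTTP_X_CSRF_TOKEN',
    string $field = 'csrftoken'
): ?string {
    if (isset($server[$header])) {
        return (string) $server[$header];
    }
    if (isset($post[$field])) {
        return (string) $post[$field];
    }
    return null;
}

// Demo with constructed request data (no real session or HTTP involved).
$sessionToken  = get_random_key_secure();
$goodRequest   = ['HTTP_X_CSRF_TOKEN' => $sessionToken];
$forgedRequest = ['HTTP_X_CSRF_TOKEN' => get_random_key_secure()]; // attacker's guess
$legacyForm    = ['csrftoken' => $sessionToken];

var_dump(csrf_token_valid($sessionToken, csrf_token_from_request($goodRequest, [])));
var_dump(csrf_token_valid($sessionToken, csrf_token_from_request($forgedRequest, [])));
var_dump(csrf_token_valid($sessionToken, csrf_token_from_request([], $legacyForm)));
var_dump(csrf_token_valid($sessionToken, csrf_token_from_request([], [])));
```

Run with `php example.php`; the first and third checks succeed, the forged and missing-token cases fail. Keeping the alphabet and length identical between the weak and secure generators is what lets a project swap every get_random_key() call site without touching stored data or templates, which is the last item in the report.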