Date: Mon, 17 Aug 2015 22:37:23 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: olivier@...tomlesspit.org, f.labreche@...il.com, cve-assign@...re.org
Subject: Re: CVE request - simple-php-captcha - captcha bypass vulnerability

On Mon, Aug 17, 2015 at 01:55:48PM -0400, cve-assign@...re.org wrote:
> > https://github.com/claviska/simple-php-captcha/issues/16
> 
> Use CVE-2015-6250 for the original issue that the "srand(microtime() *
> 100)" call is counterproductive because, especially in cases of good
> time synchronization, the client is able to run the same srand call as
> the server.

FWIW, time synchronization was irrelevant.  The original report said:

"Since microtime() is used both in the initial seed for the captcha and
in the captcha url path sent to the client, [...]"

This is referring to:

$image_src = substr(__FILE__, strlen( realpath($_SERVER['DOCUMENT_ROOT']) )) . '?_CAPTCHA&amp;t=' . urlencode(microtime());

Alexander
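
The pattern discussed in this message, next to a hardened form, as an added example that is not part of the original message or of simple-php-captcha's code. The function names, the alphabet and the character-selection loop are assumptions made for illustration; only the srand(microtime() * 100) seeding and the t=urlencode(microtime()) URL value come from the thread.

```php
<?php
// Added illustration; names and alphabet are hypothetical, not the project's.
const ALPHABET = 'ABCDEFGHJKLMNPRSTUVWXYZ23456789';

// Seed derivation as in the srand(microtime() * 100) call quoted above.
// microtime() returns a string like "0.12345600 1439840243"; numeric
// conversion keeps only the leading fraction, so the seed lies in 0..99.
function seed_from_microtime(string $t): int {
    return (int) ((float) $t * 100);
}

// Assumed selection loop: every character depends only on the seed.
function code_from_seed(int $seed, int $length = 5): string {
    srand($seed);
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= ALPHABET[rand(0, strlen(ALPHABET) - 1)];
    }
    return $code;
}

// Weak: the same microtime() string seeds the PRNG and is sent in the URL.
function weak_captcha(): array {
    $t = microtime();
    return ['code' => code_from_seed(seed_from_microtime($t)),
            'src'  => '?_CAPTCHA&t=' . urlencode($t)];
}

// Hardened: code drawn from the CSPRNG (PHP 7+); the URL value is an
// unrelated random nonce that only serves as a cache-buster.
function hardened_captcha(int $length = 5): array {
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= ALPHABET[random_int(0, strlen(ALPHABET) - 1)];
    }
    return ['code' => $code,
            'src'  => '?_CAPTCHA&t=' . bin2hex(random_bytes(8))];
}

// Regression check: rebuild a code from the public t value alone and
// compare it with the code that was issued for that URL.
$weak = weak_captcha();
parse_str(ltrim($weak['src'], '?'), $q);
var_dump(code_from_seed(seed_from_microtime($q['t'])) === $weak['code']);
```

The check makes the point of the message concrete: no clock agreement between client and server is involved, because the value that determines the seed is delivered in the image URL itself.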