We discovered several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. These random number generators are used in the following method calls:

- Zend_Ldap_Attribute::createPassword
- Zend_Form_Element_Hash::_generateHash
- Zend_Gdata_HttpClient::filterHttpRequest
- Zend_Filter_Encrypt_Mcrypt::_srand
- Zend_OpenId::randomBytes
In each case, the methods were using rand() or mt_rand(), neither of which can generate cryptographically secure values. This could potentially lead to information disclosure should an attacker be able to brute force the random number generation.
Moreover, we discovered a potential security issue in the usage of the openssl_random_pseudo_bytes() function in Zend_Crypt_Math::randBytes, reported in PHP BUG #70014, and the security implications reported in a discussion on the random_compat library.
We replaced the usage of rand() and mt_rand() with the random generators of ZF1 implemented in Zend_Crypt_Math. Moreover, we removed the usage of the openssl_random_pseudo_bytes() function in Zend_Crypt_Math::randBytes(). This removal is not a BC break for Linux users thanks to the usage of /dev/urandom as an entropy source. For Windows users, this can be a BC break if the Mcrypt extension is not enabled.
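The following is an added example, not code from Zend Framework or from this advisory. It shows the weak pattern the advisory describes (token generation driven by mt_rand()) beside a hardened version that draws from the operating system's CSPRNG, plus a small source-audit helper that flags rand()/mt_rand() calls for review. It assumes PHP 7.0 or later (for random_int() and random_bytes()); on older PHP the random_compat polyfill named in the advisory provides the same functions. The function names weakToken, secureToken, secureBytesHex and findWeakRngCalls are the example's own.

```php
<?php
declare(strict_types=1);

// WEAK: the pattern this advisory fixes. mt_rand() is a Mersenne Twister with a
// small, reconstructible state; its output is not suitable for passwords,
// form hashes, session identifiers or nonces.
function weakToken(int $length = 32): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $max = strlen($alphabet) - 1;
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[mt_rand(0, $max)];
    }
    return $token;
}

// HARDENED: random_int() reads from the OS CSPRNG (/dev/urandom on Linux,
// CryptGenRandom on Windows). If no secure source is available it throws an
// Exception instead of silently degrading, so the caller cannot continue with
// a low-entropy value. random_int() is also unbiased over [0, $max].
function secureToken(int $length = 32): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $max = strlen($alphabet) - 1;
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[random_int(0, $max)];
    }
    return $token;
}

// Raw CSPRNG bytes, hex-encoded: the role Zend_Crypt_Math::randBytes() plays in
// ZF1 after the fix. Requesting too few bytes is rejected up front.
function secureBytesHex(int $numBytes = 16): string
{
    if ($numBytes < 16) {
        throw new InvalidArgumentException('request at least 128 bits of entropy');
    }
    return bin2hex(random_bytes($numBytes));
}

// Audit helper: return [line number => source line] for every rand()/mt_rand()
// call in a PHP source string, so a code base can be reviewed for the same
// class of issue. A match is a candidate for review, not proof of a bug.
function findWeakRngCalls(string $source): array
{
    $hits = [];
    foreach (explode("\n", $source) as $index => $line) {
        if (preg_match('/\b(?:mt_)?rand\s*\(/', $line)) {
            $hits[$index + 1] = trim($line);
        }
    }
    return $hits;
}

// Constructed sample input for the audit helper (not real project code).
$sample = <<<'PHP'
<?php
$salt = mt_rand();                 // flagged
$hash = md5(rand() . $secret);     // flagged
$ok   = random_int(0, 9);          // not flagged: CSPRNG-backed
PHP;

foreach (findWeakRngCalls($sample) as $lineNo => $text) {
    echo "line {$lineNo}: {$text}\n";
}

try {
    echo 'token: ', secureToken(), "\n";
    echo 'bytes: ', secureBytesHex(), "\n";
} catch (Exception $e) {
    // No secure entropy source on this host: fail closed rather than fall back
    // to weakToken().
    fwrite(STDERR, 'no secure RNG available: ' . $e->getMessage() . "\n");
    exit(1);
}
```

The try/catch around the secure calls is the point of the hardened version: when a CSPRNG is unavailable the application stops, whereas the mt_rand() path would have kept running and handed out predictable values.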
The following releases contain the fixes:
If you are using an affected version of PHP, we highly recommend upgrading immediately to Zend Framework 1.12.18.
The Zend Framework team thanks the following for identifying the issues and working with us to help protect its users:
Released 2016-04-13
Have you identified a security vulnerability?
Please report it to us at zf-security@zend.com