Yii Framework Forum: Possible Security Bug? - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Possible Security Bug? In CWebUser Rate Topic: -----

#1 User is offline   Dalius 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 1
  • Joined: 20-June 11

Posted 19 November 2013 - 08:45 AM

CWebUser lines 460-462:

		if($cookie && !empty($cookie->value) && is_string($cookie->value) && ($data=$app->getSecurityManager()->validateData($cookie->value))!==false)
		{
			$data=@unserialize($data);


If a user can authenticate with cookie based authentification, he gains neccessary information to brute force the secret key used by CSecurityManager. Application security is dependant on an algorithm - because anyone with this key could possibly create a cookie with any data, which is directly passed to unserialize, i.e. arbitrary code execution. So my question is - how safe is this private key? Do we have a guarantee that it won't be brute forced by our users?

Any thoughts appreciated.

P.S. Not sure if this is the correct place to post this :)
0

#2 User is offline   nineinchnick 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 622
  • Joined: 12-September 11
  • Location:Bialystok, Poland

Posted 19 November 2013 - 11:17 AM

I think that such security concerns should be first discussed privately with the core developers, try contacting them. Don't post an issue on Github either.

I was about to ask how such bruteforce attack on the secret key could be performed, but let's wait for some core devs comment first.
Don't be a dick.
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users