@SajanGhimire1

… key
- Upgrade password generation from mt_rand() to cryptographically secure random functions
- Fix weak password hashing (MD5+SHA1) by implementing password_hash() with backward compatibility
- Prevent SQL injection in CopyAdminTable() with table name whitelist validation
- Enable SSL verification in email sending functions
- Remove debug function that could leak sensitive information
- Improve token generation security

Hardcoded Cryptographic Key (CWE-321):
Fix Applied:
-Added get_crypto_key() function that generates unique keys per installation
-Keys are generated using random_bytes() or openssl_random_pseudo_bytes()
-Fallback mechanism with warnings for older PHP versions
-Keys can be stored in configuration files outside web root

Impact: Prevents universal compromise where attackers with one installation's data can compromise ALL installations.

Weak Password Hashing (CWE-327):
Fix Applied:
-Added deprecation warning for old passwordhash() function
-Implemented password_hash() with PASSWORD_DEFAULT (bcrypt/Argon2)
-Maintains backward compatibility for existing hashes
-Added proper password verification with password_verify()

Impact: Passwords are now properly hashed using modern algorithms, resistant to brute force attacks.

Insecure Random Generation (CWE-338):
Fix Applied:
-Replaced mt_rand() with random_int() (PHP 7.0+)
-Fallback to openssl_random_pseudo_bytes() for older PHP
-Only uses mt_rand() as last resort with security warnings
-Applied to password generation, salt creation, and token generation

Impact: Random values (passwords, salts, tokens) are now cryptographically secure and unpredictable.

#Added table name validation in CopyAdminTable()

-Enabled SSL verification - Fixed email sending security
-Removed debug function - Eliminated information leakage risk
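
An added example, not code from this pull request: one way to keep legacy hashes working while moving accounts to password_hash(), by checking the old digest in constant time and re-hashing on a successful login. The legacy_hash() helper, its sha1(md5(...)) construction, verify_and_upgrade() and the sample values are assumptions; the project's passwordhash() is not shown on this page.

```php
<?php
declare(strict_types=1);

// ASSUMPTION: stand-in for the legacy MD5+SHA1 scheme. The project's real
// passwordhash() is not shown on this page; substitute it here.
function legacy_hash(string $password, string $salt): string
{
    return sha1(md5($password) . $salt);
}

// Returns [ok, newHash]. newHash is non-null when the stored value should
// be overwritten with a password_hash() result.
function verify_and_upgrade(string $password, string $stored, string $salt): array
{
    // password_get_info() reports algo null (PHP >= 7.4) or 0 (older) for
    // strings that are not password_hash() output, i.e. legacy digests.
    if (!empty(password_get_info($stored)['algo'])) {
        if (!password_verify($password, $stored)) {
            return [false, null];
        }
        // Re-hash only if PASSWORD_DEFAULT or its cost changed since storage.
        $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
            ? password_hash($password, PASSWORD_DEFAULT)
            : null;
        return [true, $new];
    }
    // Legacy path: constant-time comparison, then upgrade on success.
    if (!hash_equals($stored, legacy_hash($password, $salt))) {
        return [false, null];
    }
    return [true, password_hash($password, PASSWORD_DEFAULT)];
}

// Constructed sample account that still holds a legacy digest.
$salt   = 'constructed-salt';
$stored = legacy_hash('correct horse', $salt);

// Failed login: the stored value must not be rewritten.
[$ok, $new] = verify_and_upgrade('wrong guess', $stored, $salt);
var_dump($ok, $new);

// Successful login against the legacy digest: persist the upgraded hash.
[$ok, $new] = verify_and_upgrade('correct horse', $stored, $salt);
$stored = $new ?? $stored;

// Next login takes the password_verify() path and needs no further rehash.
[$ok, $new] = verify_and_upgrade('correct horse', $stored, $salt);
var_dump($ok, $new);
```

Accounts that never log in again keep their legacy digest, so those rows stay exposed to offline cracking until they are reset or expired.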