Fix EZP-24140: Potential vulnerability in eZ Publish password recovery
Use openssl_random_pseudo_bytes() if available, otherwise fall back to mt_rand(). Use microtime() for entropy.

(cherry picked from commit 5908d5e)
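The approach the commit message describes (prefer openssl's generator, otherwise fall back) with the checks a reviewer would ask for before shipping a password-recovery token: verify openssl's `$crypto_strong` flag, refuse to degrade to `mt_rand()`, store only a hash of the token, and compare in constant time. This is an added example, not eZ Publish code; it assumes PHP 5.6 or later (for `hash_equals()`), and the user id 42 and the one-hour lifetime are arbitrary sample values.

```php
<?php
// Added example, not part of eZ Publish. Assumes PHP >= 5.6 (hash_equals).

/**
 * Return $length bytes from a cryptographically secure source.
 * Throws instead of silently degrading to mt_rand(), whose 31-bit,
 * predictably seeded output is not suitable for a recovery token.
 */
function secureRandomBytes($length)
{
    if (function_exists('random_bytes')) {            // PHP >= 7.0
        return random_bytes($length);
    }
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        // Second argument reports whether a strong source was actually used.
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        if ($bytes !== false && $strong === true && strlen($bytes) === $length) {
            return $bytes;
        }
    }
    throw new RuntimeException('No cryptographically secure random source available');
}

/**
 * Build the recovery token plus the record to store server-side.
 * User id and time add no secret material, so the token is the random
 * part only; the database keeps a hash so a leaked row is useless.
 */
function createRecoveryToken($userId, $ttlSeconds = 3600)
{
    $token = bin2hex(secureRandomBytes(32));          // 256 bits, 64 hex chars, URL-safe
    return array(
        'user_id' => $userId,
        'token'   => $token,                           // goes into the e-mailed link only
        'hash'    => hash('sha256', $token),           // persist this, not $token
        'expires' => time() + $ttlSeconds,
    );
}

/** Validate a presented token: enforce expiry, then compare in constant time. */
function verifyRecoveryToken(array $record, $presented)
{
    if (time() > $record['expires']) {
        return false;
    }
    if (!is_string($presented) || strlen($presented) !== 64) {
        return false;
    }
    return hash_equals($record['hash'], hash('sha256', $presented));
}

// Usage with a sample user id (constructed for the example).
$rec = createRecoveryToken(42);
var_dump(verifyRecoveryToken($rec, $rec['token']));
var_dump(verifyRecoveryToken($rec, str_repeat('0', 64)));
```

The design point is the failure mode: when no strong generator is present the function throws, so the reset request fails visibly instead of issuing a token an attacker can reproduce from `mt_rand()` and the request time.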
glye authored and Bertrand Dunogier committed May 11, 2015
1 parent 65b02b3 commit 658924e
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion kernel/user/forgotpassword.php
@@ -113,7 +113,11 @@
$user = $users[0];
$time = time();
$userID = $user->id();
$hashKey = md5( $userID . ':' . $time . ':' . mt_rand() );
$hashKey = md5(
$userID . ':' . microtime() . ':' .
( function_exists( "openssl_random_pseudo_bytes" ) ?
openssl_random_pseudo_bytes( 32 ) : mt_rand() )
);

// Create forgot password object
if ( eZOperationHandler::operationIsAvailable( 'user_forgotpassword' ) )
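Review bot: the fallback on the new lines `( function_exists( "openssl_random_pseudo_bytes" ) ? openssl_random_pseudo_bytes( 32 ) : mt_rand() )` still yields a predictable token on a PHP build without the openssl extension: `mt_rand()` is not a cryptographic generator and `microtime()` is guessable to within the timing of the request the attacker triggered, so the vulnerability named in the title is only closed when openssl happens to be present. The openssl branch also ignores the second parameter, `openssl_random_pseudo_bytes( 32, $crypto_strong )`, which reports when the bytes did not come from a strong source. Suggest passing `$crypto_strong`, and aborting the reset (or at minimum logging) when it is false or the function is missing, rather than degrading silently; `$userID . ':' . microtime()` contributes no secret material, so the 32 random bytes are the whole of the token's strength and deserve that check.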
