Skip to content
This repository has been archived by the owner on Mar 14, 2023. It is now read-only.

Math.random() is being used to generate "unique" identifiers ...possible to update to uuid generation? #9

Open
dosstx opened this issue Dec 11, 2020 · 0 comments

Comments

@dosstx
Copy link

dosstx commented Dec 11, 2020

Thank you for your contribution. I have used your fork in production and now get the following vulnerability items in a recent scan:

CWE Vulnerability Use of Insufficiently Random Values

Scanner Detail:

Abstract: The random number generator implemented by cannot withstand a cryptographic attack.Standard pseudorandom number generators cannot withstand cryptographic attacks. Explanation: Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. In this case, the function that generates weak random numbers is in at line . Computers are deterministic machines, and as such are unable to produce true randomness. Pseudorandom Number Generators (PRNGs) approximate randomness algorithmically, starting with a seed from which subsequent values are calculated. There are two types of PRNGs: statistical and cryptographic. Statistical PRNGs provide useful statistical properties, but their output is highly predictable and form an easy to reproduce numeric stream that is unsuitable for use in cases where security depends on generated values being unpredictable. Cryptographic PRNGs address this problem by generating output that is more difficult to predict. For a value to be cryptographically secure, it must be impossible or highly improbable for an attacker to distinguish between the generated random value and a truly random value. In general, if a PRNG algorithm is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts, where its use can lead to serious vulnerabilities such as easy-to-guess temporary passwords, predictable cryptographic keys, session hijacking, and DNS spoofing. Example: The following code uses a statistical PRNG to create a URL for a receipt that remains active for some period of time after a purchase.

function genReceiptURL (baseURL){
var randNum = Math.random();
var receiptURL = baseURL + randNum + ".html";
return receiptURL;
}

This code uses the Math.random() function to generate "unique" identifiers for the receipt pages it generates. Since Math.random() is a statistical PRNG, it is easy for an attacker to guess the strings it generates. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers, such as a cryptographic PRNG.

Recommendations: When unpredictability is critical, as is the case with most security-sensitive uses of randomness, use a cryptographic PRNG. Regardless of the PRNG you choose, always use a value with sufficient entropy to seed the algorithm. (Do not use values such as the current time because it offers only negligible entropy.) In JavaScript, the typical recommendation is to use the window.crypto.random() function in the Mozilla API. However, this method does not work in many browsers, including more recent versions of Mozilla Firefox. There is currently no cross-browser solution for a robust cryptographic PRNG. In the meantime, consider handling any PRNG functionality outside of JavaScript.

I believe this may be due to the way JSO is randomizing the state?

/*
 * Returns a random string used for state
 */
utils.uuid = function() {
	return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
		var r = Math.random()*16|0, v = c == 'x' ? r : (r&0x3|0x8)
	    return v.toString(16)
	})
}

Since the original author of JSO is no longer responding or updating the package, are you able to update/fix this security issue?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant