Merge pull request hestiacp#2016 from hestiacp/fix/replace-uniqueid

jaapmarcus · web-flow · commit 644472056118 · 2021-07-26T18:58:00.000+02:00
Tighten security regarding token generation
diff --git a/web/login/index.php b/web/login/index.php
@@ -292,7 +292,8 @@ function authenticate_user($user, $password, $twofa = ''){
 }
 
 // Generate CSRF token
-$_SESSION['token'] = md5(uniqid(mt_rand(), true));
+$token = bin2hex(file_get_contents('/dev/urandom', false, null, 0, 16));
+$_SESSION['token'] = $token;
 
 require_once('../templates/header.html');
 if (!empty($_SESSION['login']['password'])) {

Original file line number	Diff line number	Diff line change
`@@ -292,7 +292,8 @@ function authenticate_user($user, $password, $twofa = ''){`
`292`	`292`	`}`
`293`	`293`
`294`	`294`	`// Generate CSRF token`
`295`		`-$_SESSION['token'] = md5(uniqid(mt_rand(), true));`
	`295`	`+$token = bin2hex(file_get_contents('/dev/urandom', false, null, 0, 16));`
	`296`	`+$_SESSION['token'] = $token;`
`296`	`297`
`297`	`298`	`require_once('../templates/header.html');`
`298`	`299`	`if (!empty($_SESSION['login']['password'])) {`