Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

5/9/2015
07:50 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

PHP Hash Comparison Weakness A Threat To Websites, Researcher Says

Flaw could allow attackers to compromise user accounts, WhiteHat Security's Robert Hansen -- aka "RSnake" -- says in new finding on 'Magic Hash' vulnerability.

A weakness in the manner in which PHP handles hashed strings in certain situations gives attackers an opportunity to try and compromise authentication systems, passwords, and other functions involving hash comparisons in PHP, a researcher from WhiteHat Security says.

Robert Hansen, vice president of WhiteHat, describes the issue as one that affects any website that uses two specific types of operators for comparing hashes in PHP.

The issue mostly affects authentication, but it could also effect "forgot password" flows, nonces, binary checking, cookies, and passwords, among other things, Hansen, aka RSnake, told Dark Reading. "It totally depends on the website, and how it's constructed."

The problem exists in the manner in which PHP handles hashed strings when either the double equal (==) or "!=" operators are used to compare them. When either of these two operators is used for comparing hashes, PHP interprets any hashed value beginning with ‘0e’ as having the value 0.

So if two different passwords are hashed and both their hashed values begin with ‘0e’ followed by numerals, PHP will interpret both as having the value 0. Even though the hash values for both passwords are completely different, PHP would treat them both as the number zero if both begin with 0e and when either ‘==’ or ‘!=’ are used.

“Think of "0e..." as being the scientific notation for "0 to the power of some value" and that is always "0", Hansen noted in a blog post Friday. “PHP interprets the string as an Integer.”

The implications are huge because it gives attackers a way to try and compromise user accounts by entering a string that when hashed gets equated to zero by PHP. If a password in the database is represented the same way, the attacker will get access to the account, Hansen said.

The problem itself has been known for at least a year, Hansen said. But what hasn’t been available are examples of hash types that when hashed begin with the ‘0e’ format that ends up getting equated to zero, he said.

In a blog, Hansen listed several "magic" numbers that he found could be used as passwords, which when hashed, end up being treated as 0 by PHP.

When such hashes are compared against the hashes of actual password, values that are also treated as 0 by PHP they end up getting evaluated as being equivalent, or true.  In such cases attackers will be able to log into the account without the valid password, he said.

To find the strings, Hansen iterated over 1 billion hashed integers of different hash types like MD5 and SHA1. Though the technique was inefficient it was reasonably effective at finding strings that triggered the weakness for most hash algorithms with a length of 32 characters or less, Hansen said in his blog.

Hansen said he estimated the chances of a 32-character hash triggering the issue was somewhere in the range of 1 in 200 million. While that might seem like an extremely low probability, it is often enough for attackers to want to try and trigger the flaw especially on a high volume website or one with a lot of credentials.

Addressing the problem is very simple, he said. Websites using PHP should analyze their code for hash comparisons in PHP using ‘==’ or ‘!= and change them to ‘===’ or ‘!==’ respectively, he said.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
KGutzmann201
50%
50%
KGutzmann201,
User Rank: Apprentice
5/14/2015 | 11:35:37 AM
Re: One of These Things (Is Not Like the Others)
PHP programmers may want to consider using hexadecimal representations of the hashes [0-0a-f] and for comparison the PHP operator 'strcmp' or 'strcasecmp'.  These are 'binary-safe comparison' operators for string equality.  Return value is 0 for equal, and a negative or positive integer otherwise (indicating the less-than or greater-than relationship of the strings).
Christian Bryant
50%
50%
Christian Bryant,
User Rank: Ninja
5/9/2015 | 6:26:29 PM
One of These Things (Is Not Like the Others)
Josh Wright over at SANS pen-testing blog talked about this not long ago.  His assessment was that since SHA1 hashes are longer than MD5 hashes, the first step is to stop using MD5:  

"Since SHA1 hashes are longer than MD5 hashes, it is less likely that a randomly selected value will meet the 0 + e + digits rule for PHP to evaluate it as an exponential value. "  

Also, as noted here, PHP programmers may want to review their comparison operators tables and choose wisely, especially, as Josh notes, understanding the distinction between "==" and "===" in PHP; according to his sources as well, Josh notes the issue is not inherent in "===".

Now the question is, how many PHP have this issue buried in their code.  Getting some practical code examples of solid alternatives in PHP and some Python scripting to help find instances in your PHP where this is an issue would be great to share.

 
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Pledges to Not Pay Ransomware Hit Reality
Robert Lemos, Contributing Writer,  6/21/2019
AWS CISO Talks Risk Reduction, Development, Recruitment
Kelly Sheridan, Staff Editor, Dark Reading,  6/25/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-1619
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session ...
CVE-2019-1620
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could ex...
CVE-2019-1621
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker...
CVE-2019-1622
PUBLISHED: 2019-06-27
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software...
CVE-2019-10133
PUBLISHED: 2019-06-26
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.