Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

5/9/2015
07:50 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

PHP Hash Comparison Weakness A Threat To Websites, Researcher Says

Flaw could allow attackers to compromise user accounts, WhiteHat Security's Robert Hansen -- aka "RSnake" -- says in new finding on 'Magic Hash' vulnerability.

A weakness in the manner in which PHP handles hashed strings in certain situations gives attackers an opportunity to try and compromise authentication systems, passwords, and other functions involving hash comparisons in PHP, a researcher from WhiteHat Security says.

Robert Hansen, vice president of WhiteHat, describes the issue as one that affects any website that uses two specific types of operators for comparing hashes in PHP.

The issue mostly affects authentication, but it could also effect "forgot password" flows, nonces, binary checking, cookies, and passwords, among other things, Hansen, aka RSnake, told Dark Reading. "It totally depends on the website, and how it's constructed."

The problem exists in the manner in which PHP handles hashed strings when either the double equal (==) or "!=" operators are used to compare them. When either of these two operators is used for comparing hashes, PHP interprets any hashed value beginning with ‘0e’ as having the value 0.

So if two different passwords are hashed and both their hashed values begin with ‘0e’ followed by numerals, PHP will interpret both as having the value 0. Even though the hash values for both passwords are completely different, PHP would treat them both as the number zero if both begin with 0e and when either ‘==’ or ‘!=’ are used.

“Think of "0e..." as being the scientific notation for "0 to the power of some value" and that is always "0", Hansen noted in a blog post Friday. “PHP interprets the string as an Integer.”

The implications are huge because it gives attackers a way to try and compromise user accounts by entering a string that when hashed gets equated to zero by PHP. If a password in the database is represented the same way, the attacker will get access to the account, Hansen said.

The problem itself has been known for at least a year, Hansen said. But what hasn’t been available are examples of hash types that when hashed begin with the ‘0e’ format that ends up getting equated to zero, he said.

In a blog, Hansen listed several "magic" numbers that he found could be used as passwords, which when hashed, end up being treated as 0 by PHP.

When such hashes are compared against the hashes of actual password, values that are also treated as 0 by PHP they end up getting evaluated as being equivalent, or true.  In such cases attackers will be able to log into the account without the valid password, he said.

To find the strings, Hansen iterated over 1 billion hashed integers of different hash types like MD5 and SHA1. Though the technique was inefficient it was reasonably effective at finding strings that triggered the weakness for most hash algorithms with a length of 32 characters or less, Hansen said in his blog.

Hansen said he estimated the chances of a 32-character hash triggering the issue was somewhere in the range of 1 in 200 million. While that might seem like an extremely low probability, it is often enough for attackers to want to try and trigger the flaw especially on a high volume website or one with a lot of credentials.

Addressing the problem is very simple, he said. Websites using PHP should analyze their code for hash comparisons in PHP using ‘==’ or ‘!= and change them to ‘===’ or ‘!==’ respectively, he said.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
KGutzmann201
50%
50%
KGutzmann201,
User Rank: Apprentice
5/14/2015 | 11:35:37 AM
Re: One of These Things (Is Not Like the Others)
PHP programmers may want to consider using hexadecimal representations of the hashes [0-0a-f] and for comparison the PHP operator 'strcmp' or 'strcasecmp'.  These are 'binary-safe comparison' operators for string equality.  Return value is 0 for equal, and a negative or positive integer otherwise (indicating the less-than or greater-than relationship of the strings).
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
5/9/2015 | 6:26:29 PM
One of These Things (Is Not Like the Others)
Josh Wright over at SANS pen-testing blog talked about this not long ago.  His assessment was that since SHA1 hashes are longer than MD5 hashes, the first step is to stop using MD5:  

"Since SHA1 hashes are longer than MD5 hashes, it is less likely that a randomly selected value will meet the 0 + e + digits rule for PHP to evaluate it as an exponential value. "  

Also, as noted here, PHP programmers may want to review their comparison operators tables and choose wisely, especially, as Josh notes, understanding the distinction between "==" and "===" in PHP; according to his sources as well, Josh notes the issue is not inherent in "===".

Now the question is, how many PHP have this issue buried in their code.  Getting some practical code examples of solid alternatives in PHP and some Python scripting to help find instances in your PHP where this is an issue would be great to share.

 
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31755
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
CVE-2021-31757
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31758
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31458
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...