TANIGUCHI Amon2::Auth::Site::LINE 0.04
A vulnerability exists in the Amon2::Auth::Site::LINE module, version 0.04, because it uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in rand() function, which is predictable and not cryptographically secure. Where these nonces are used for authentication or authorization, the lack of secure randomness can be exploited, potentially leading to replay attacks or other security issues.
The result is nonces that are not cryptographically secure, which increases the risk of replay attacks or other forms of unauthorized action in the context of LINE authentication.
The vulnerability can be reproduced by using Amon2::Auth::Site::LINE version 0.04 and omitting the 'rand_gen' option in the constructor. This yields the default behaviour, in which nonces are generated with the insecure rand() function. Such nonces can then be observed and potentially reused in an unauthorized manner, because they lack unpredictability.
Users can mitigate this vulnerability by specifying a secure random number generator when creating the String::Random object. This is done with the 'rand_gen' option, which takes a reference to a subroutine that draws from a cryptographically secure source of randomness, such as Crypt::URandom or Crypt::SysRandom.
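The following is an added example, not code from Amon2::Auth::Site::LINE or String::Random, showing the weak default construction described above beside the mitigated form. It assumes the application constructs its own String::Random object for nonces, and it assumes (from the String::Random documentation, not from this page) that the 'rand_gen' subroutine receives one argument, the upper bound, and must return an integer in the range 0 up to but excluding that bound. The helper names secure_int and new_nonce are hypothetical.

```perl
use strict;
use warnings;
use String::Random;
use Crypt::URandom qw(urandom);

# Default construction: String::Random falls back to Perl's rand(), which is
# the weak source the advisory describes.  Kept here only for contrast.
my $weak_gen = String::Random->new;

# Cryptographically secure replacement for the default generator.
# Assumed contract: String::Random calls rand_gen($max) and expects an
# integer in [0, $max).  Rejection sampling keeps the result uniform, so
# there is no modulo bias toward the low end of the character set.
sub secure_int {
    my ($max) = @_;
    die "secure_int: max must be in 1..2**24" unless $max >= 1 && $max <= 2**24;
    my $span  = 2**24;                      # 24 bits drawn per attempt
    my $limit = $span - ($span % $max);     # largest multiple of $max <= $span
    while (1) {
        my $n = unpack('N', "\0" . urandom(3));   # 3 bytes from the OS CSPRNG
        return $n % $max if $n < $limit;          # discard values that would bias
    }
}

# Mitigated construction: every character choice now comes from secure_int.
my $secure_gen = String::Random->new(rand_gen => \&secure_int);

# 32 alphanumeric characters give roughly 190 bits of entropy, ample for a
# one-time nonce that must not be guessable or reusable.
sub new_nonce {
    my ($gen) = @_;
    return $gen->randregex('[A-Za-z0-9]{32}');
}

print "weak default:  ", new_nonce($weak_gen),   "\n";
print "secure source: ", new_nonce($secure_gen), "\n";
```

The two nonces look alike on the console; the difference is that the first sequence can be predicted by anyone who recovers the rand() seed, while the second cannot. Drawing 24 bits per attempt keeps the arithmetic within a 32-bit integer on every Perl build, and the bound check on $max matches the small character-set sizes String::Random actually passes in.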