Amon2 Insecure Random String Implementation Vulnerability in Perl

A vulnerability exists in Amon2 versions prior to 6.17 for Perl, where the random_string function used for security purposes does not generate cryptographically secure random values. In versions 6.06 through 6.16, the function attempts to read from /dev/urandom, but falls back on a method that concatenates a SHA-1 hash seeded with the unreliable rand() function, the process ID, and the high-resolution epoch time. This fallback is predictable, as the PID comes from a limited range and the epoch time can be guessed or inferred from the HTTP Date header. Prior to version 6.06, the function lacked a fallback for random generation when /dev/urandom was unavailable, and before version 6.04, it relied solely on the rand() function to create a mixed-case alphanumeric string. This flawed random string generation may be exploited in scenarios where secure tokens are required, such as session IDs, cookie encryption or signing secrets, and Cross-Site Request Forgery (CSRF) tokens.

Impact

The vulnerability allows for the generation of predictable random strings, which can compromise the security of session IDs, CSRF tokens, and other secrets used in the application.

Remediation

Users can upgrade to Amon2 version 6.17 or later, where the random_string implementation has been replaced with a secure version that uses Crypt::SysRandom. Instructions for upgrading can be found in the Amon2 GitHub repository.