Langgenius Dify Account Takeover Vulnerability via Weak Pseudo-Random Number Generator in Password Reset Codes

Vulnerability

A vulnerability in Langgenius Dify version 0.10.1 allows account takeover, including of administrative accounts, by exploiting a weak pseudo-random number generator (PRNG) used to create password reset codes. The application relies on 'random.randint' for this task, which is not cryptographically secure: its output can be predicted once enough values have been observed. An attacker with access to workflow tools can obtain the PRNG output, predict future password reset codes, and fully compromise user accounts.
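
The pattern the advisory describes, beside a hardened form, as an added example (not Dify's code): the insecure generator is Python's Mersenne Twister via 'random.randint'; the replacement uses the 'secrets' module and a store that keeps only a hash of each code with expiry, an attempt cap and single use. Class and function names are assumptions.

```python
import hashlib
import hmac
import random
import secrets
import time

CODE_LEN = 6

# Pattern the advisory describes: random.randint draws from Python's Mersenne
# Twister, which is deterministic, so codes built from it are predictable.
def reset_code_insecure(rng=random) -> str:
    return "".join(str(rng.randint(0, 9)) for _ in range(CODE_LEN))

# Hardened form: secrets uses the OS CSPRNG, so outputs are not reconstructible.
def reset_code_secure() -> str:
    return "".join(str(secrets.randbelow(10)) for _ in range(CODE_LEN))

def codes_repeat_for_seed(seed: int) -> bool:
    """Illustrates the weakness: two generators with the same state agree."""
    return reset_code_insecure(random.Random(seed)) == reset_code_insecure(random.Random(seed))

class ResetCodeStore:
    """Keeps only a hash of each issued code, with expiry, attempt cap, single use."""
    def __init__(self, ttl_s: int = 600, max_attempts: int = 5):
        self.ttl_s, self.max_attempts = ttl_s, max_attempts
        self._entries = {}  # email -> [sha256 hex, expires_at, attempts]

    def issue(self, email: str, now=None) -> str:
        now = time.time() if now is None else now
        code = reset_code_secure()
        digest = hashlib.sha256(code.encode()).hexdigest()
        self._entries[email] = [digest, now + self.ttl_s, 0]
        return code  # delivered out of band; only the hash is kept server-side

    def verify(self, email: str, code: str, now=None) -> bool:
        now = time.time() if now is None else now
        entry = self._entries.get(email)
        if entry is None:
            return False
        digest, expires_at, attempts = entry
        if now > expires_at or attempts >= self.max_attempts:
            self._entries.pop(email, None)  # expired or locked out: invalidate
            return False
        entry[2] += 1
        ok = hmac.compare_digest(digest, hashlib.sha256(code.encode()).hexdigest())
        if ok:
            self._entries.pop(email, None)  # single use
        return ok
```

The 'now' parameter exists only so expiry can be exercised deterministically; in service code leave it unset.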

Impact

Exploitation of this vulnerability leads to unauthorized password resets, allowing attackers to gain access to any user account, including those with administrative privileges.

Reproduction

To reproduce this vulnerability, first extract the PRNG output by sending a crafted request through a workflow tool that accesses the 'Cogview' endpoint. This request should be repeated approximately 3000 times to collect enough data. After gathering the PRNG seeds, crack them using a modified version of the 'not_random' Mersenne Twister cracker, which retrieves the internal state of the PRNG. Once the PRNG state is backported to generate random integers, use the extracted codes to reset passwords via the application's password reset functionality.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          7.5
exploitability  4.2
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.