FreshRSS Weak Randomness in Token Generation Allows Session Hijacking

Vulnerability

A vulnerability in FreshRSS prior to version 1.28.0 allows account takeover through session hijacking. The issue arises because the application uses weak, non-cryptographic sources of randomness, specifically mt_rand() and uniqid(), to create remember-me authentication tokens and challenge-response nonces. This weakness enables attackers to predict valid session tokens, abusing the remember-me feature that provides persistent authentication. The vulnerability affects FreshRSS versions through 1.27.1.

Impact

Exploitation of this vulnerability allows for complete account takeover, with the hijacked session lasting up to 30 days, the default cookie duration.

Reproduction

To reproduce this vulnerability, log into FreshRSS and enable the 'Remember me' option. Capture the token generated in the FreshRSS_login cookie. The token can be predicted by analysing the output of uniqid(), which lacks sufficient entropy, and by exploiting the fact that mt_rand() output is fully determined once the generator has been seeded. Once a valid token is predicted, it can be used to authenticate and gain access to the account.

Remediation

Users can update to FreshRSS version 1.28.0, where this vulnerability has been patched.
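The following is an added example, not FreshRSS's own code before or after the patch, and it does not claim to match how FreshRSS builds its tokens. It contrasts the weak pattern named in the Vulnerability section (a token derived from uniqid() and mt_rand()) with a hardened replacement that draws from the operating system's CSPRNG via random_bytes(), stores only a digest server-side, and compares in constant time. The function names weakToken, strongToken, tokenDigest and tokenMatches are hypothetical.

```php
<?php
// Added example (not FreshRSS code). Shows why mt_rand()/uniqid() are unfit
// for remember-me tokens and what a safe replacement looks like.

// Weak pattern, as described in the advisory: uniqid() is derived from the
// current time in microseconds, and mt_rand() is a Mersenne Twister whose
// whole output stream is a pure function of its 32-bit seed. A token built
// from these is guessable by anyone who can narrow down the time and seed.
function weakToken(): string
{
    // Hypothetical shape; the hash does not add any entropy.
    return sha1(uniqid((string) mt_rand(), true));
}

// Hardened pattern: random_bytes() reads from the OS CSPRNG (getrandom(2)
// on Linux, CryptGenRandom/BCrypt on Windows). 32 bytes gives 256 bits of
// entropy, which is far more than a session token needs.
function strongToken(): string
{
    return bin2hex(random_bytes(32));
}

// Store only a digest of the token, so a leaked database table does not
// directly yield usable cookies.
function tokenDigest(string $token): string
{
    return hash('sha256', $token);
}

// Compare with hash_equals() so the lookup does not leak, through timing,
// how many leading bytes of a guessed token were correct.
function tokenMatches(string $presented, string $storedDigest): bool
{
    return hash_equals($storedDigest, tokenDigest($presented));
}

// Illustrates the determinism that makes mt_rand() unsuitable: seeding the
// generator twice with the same value reproduces the same sequence.
function mtRandIsDeterministic(int $seed): bool
{
    mt_srand($seed);
    $first = [mt_rand(), mt_rand(), mt_rand()];
    mt_srand($seed);
    $second = [mt_rand(), mt_rand(), mt_rand()];
    return $first === $second;
}

// Demonstration with constructed values.
var_dump(mtRandIsDeterministic(12345));

$issued = strongToken();          // value sent to the client as the cookie
$stored = tokenDigest($issued);   // value persisted server-side

var_dump(tokenMatches($issued, $stored));       // presented token is the issued one
var_dump(tokenMatches(strongToken(), $stored)); // an unrelated token must not match
```

A remember-me implementation should also bind the stored digest to a user id and an expiry (the advisory notes a 30-day default), and rotate the token on each successful use so that a single captured cookie has a bounded lifetime.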

Added: Dec 27, 2025, 12:16 AM
Updated: Dec 27, 2025, 12:16 AM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 1.3
exploitability: 7.6
remediation: 7.7
relevance: 1.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.