Cloudreve
cpe:2.3:a:cloudreve:cloudreve:*:*:*:*:*:*:*
- <= 4.12.4
A vulnerability allowing account takeover has been identified in Cloudreve, a self-hosted file management and sharing system, in versions prior to 4.13.0. The issue arises because the application uses a weak pseudo-random number generator, math/rand, seeded with time.Now().UnixNano(), to create critical security secrets such as secret_key and hash_id_salt. These secrets are generated during the initial startup and stored in the database. An attacker can exploit this vulnerability by obtaining the administrator's account creation time through public API endpoints, which narrows down the search space for the PRNG seed. By using a known hashid to validate candidate seeds, an attacker can brute-force the seed, a process demonstrated to take less than three hours on a typical consumer PC. Successfully predicting the secret_key allows the attacker to forge valid JSON Web Tokens (JWTs) for any user, including administrators, resulting in full account takeover and privilege escalation.
Exploitation of this vulnerability allows for full account takeover and privilege escalation, particularly affecting administrator accounts.
Users are advised to upgrade to Cloudreve version 4.13.0, which addresses the vulnerability by using a cryptographically secure random number generator for sensitive fields. If an immediate upgrade is not possible, administrators can manually rotate the critical secrets to invalidate any tokens forged from a predicted secret. This involves stopping the Cloudreve service, replacing the existing secret_key value in the database with a long, random string, and then restarting the service. Note that this workaround will log out all active users.
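The following Go program is an added illustration of the weakness and the fix described above; it is not Cloudreve's code and makes no claim about how the project derives its secrets beyond what the advisory states. weakSecret stands in for the vulnerable pattern (math/rand seeded with a timestamp), and secureSecret shows the corrected approach using crypto/rand, which also yields a string suitable as a replacement secret_key when rotating the secret manually. The function names, the character set and the 32-byte length are assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	mathrand "math/rand"
	"time"
)

// Character set assumed for this example; not necessarily what Cloudreve uses.
const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// weakSecret reproduces the vulnerable pattern: math/rand seeded from a value
// such as time.Now().UnixNano(). The generator is fully deterministic, so the
// secret is only as secret as the seed, and the seed is a timestamp an
// attacker can narrow down from the account creation time.
func weakSecret(seed int64, n int) string {
	r := mathrand.New(mathrand.NewSource(seed))
	b := make([]byte, n)
	for i := range b {
		b[i] = letters[r.Intn(len(letters))]
	}
	return string(b)
}

// secureSecret reads nBytes from the operating system's CSPRNG via crypto/rand
// and hex-encodes them. There is no seed to recover, so the output cannot be
// reconstructed from startup or creation timestamps. A 32-byte value gives a
// 64-character string with 256 bits of entropy, adequate for a JWT signing key.
func secureSecret(nBytes int) (string, error) {
	b := make([]byte, nBytes)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

func main() {
	// Two calls with the same timestamp seed yield the same "secret":
	// this is the property that makes the original generation predictable.
	seed := time.Now().UnixNano()
	fmt.Println("weak (seeded):     ", weakSecret(seed, 32))
	fmt.Println("weak (same seed):  ", weakSecret(seed, 32))

	// The CSPRNG-backed value is what the patched version relies on and what
	// an administrator should paste in when rotating secret_key by hand.
	s, err := secureSecret(32)
	if err != nil {
		panic(err)
	}
	fmt.Println("secure (crypto/rand):", s)
}
```

Running the program prints the weak secret twice with identical content, demonstrating that knowing the seed is equivalent to knowing the secret, followed by a fresh 64-character hex string from crypto/rand.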