
Fake Accounts on your site

Hi,

After looking for a while in various settings I found it...
right on top of the admin panel :D

Warhammerers Online Admin Panel - v7.00.05

I'll have a talk with the other admins.


Ken wrote:
... but somehow they have found a security hole. If the email verification system worked, it should not be possible for anyone who uses a gibberish email to register.

Verification codes can be predicted/calculated.

\includes\classes\UserFieldInput.class.php lines 411-414 deal with generating the email verification code on account registration:

```php
// line 411: seeds mt_rand(), not the rand() that is called below
mt_srand((double)microtime()*1000000); $salt = "";
// line 412: 11 lowercase letters taken from rand()
for ($i = 0; $i <= 10; $i++) { $salt .= chr(rand(97, 122)); }
$user_code = md5($this->_userEmail.$salt);
$email_verify_link = $settings['siteurl']."edit_profile.php?code=".$user_code;
```

Function rand() (line 412) is used to return a random int; this function, however, produces "equally divided" results.

Below is a comparison of a 400 x 400px image generated from the output of rand() (left part of the image, which illustrates what is meant by "equally divided") and mt_rand() (right part of the image):

oi43.tinypic.com/vwtppl.jpg

Also, mt_srand() is used on line 411 (in an attempt) to seed the function used to return random integers. mt_srand(), however, seeds the mt_rand() function, whereas regular rand() is used (which can be seeded using mt_rand()).

I suggest:
  • replacing rand() (line 412) with mt_rand().
  • including mt_srand() (line 411) in the for-loop.

P.S.: though mt_rand() greatly decreases predictability for returned results (see image for comparison), it's not deemed cryptographically secure.
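For comparison, here is an added example (not PHP-Fusion code from the thread) of generating and checking a verification code from the operating system's CSPRNG instead of rand()/mt_rand(); it assumes PHP 7.0 or newer for random_bytes() and hash_equals(), and the function names are hypothetical.

```php
<?php
// Added example, not the project's own code. Assumes PHP >= 7.0.
//
// The thread's code derives the code from md5(email . salt), where the
// salt comes from rand() after seeding mt_rand() with microtime(). Here
// the code is 32 bytes straight from the CSPRNG and is unrelated to the
// e-mail address, so there is nothing for a guesser to work from.
function strong_verify_code(): string {
    // 32 random bytes -> 64 hex characters, fits the same ?code= parameter
    return bin2hex(random_bytes(32));
}

// Keep only a hash of the code in the database: a leaked table then does
// not hand out usable verification links.
function store_hash(string $code): string {
    return hash('sha256', $code);
}

// Compare in constant time so the check does not leak timing information.
function verify_code(string $stored_hash, string $presented): bool {
    return hash_equals($stored_hash, hash('sha256', $presented));
}

// Usage: issue a code at registration, store its hash, check it on the
// edit_profile.php request.
$code   = strong_verify_code();
$stored = store_hash($code);
var_dump(verify_code($stored, $code));
var_dump(verify_code($stored, 'not-the-code'));
```

The link would carry $code; the database row keeps only $stored, and the code is discarded after one successful check.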