[erlang-questions] Yaws security alert - Yaws 1.93
Geoff Cant
nem@REDACTED
Wed Jun 20 23:10:08 CEST 2012
Hi Klake,
Is the problem related to predictable seeding of random (set to {A,B,C} = erlang:now() at some point) or is it a bigger break in taking a series of outputs from random:uniform and working out the internal state from that? Just trying to figure out if kallez's attack is a brute force discovery of a weak seed, or if it's a more complete break of the generator itself given an unknown seed.
Cheers,
-Geoff
On 2012-06-20, at 13:58 , Claes Wikstrom wrote:
>
> I just posted the following note on the Yaws list, all of you
> using Yaws for production with cookie based auth need to take action.
> Actually, anyone using random:uniform/1 for anything security related
> need to pay attention.
>
> /klacke
>
> ---------------
>
>
> Folks,
>
> New yaws release which contains a fix to pretty serious security hole.
> The relevant relnote entry is:
>
> Use crypto:rand_bytes() instead of the cryptographically weak random module. Swedish security consultant and cryptographer Kalle Zetterlund discovered a way to - given a sequence of cookies produced by yaws_session_server - predict the next session id. Thus providing a gaping security hole into yaws servers that use the yaws_session_server to maintain cookie based HTTP sessions (klacke/kallez)
>
>
> It's been almost 6 months since the last release, so this one also contains
> a long series of good fixes and improvements from a lot of good people.
>
> Thanks everyone !!
>
>
> Code, release, relnotes, docs etc at http://yaws.hyber.org/
>
> Yaws team -
>
> /klacke/Steve/Christopher
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
--
Geoff Cant
More information about the erlang-questions
mailing list