[erlang-questions] Yaws security alert - Yaws 1.93

Geoff Cant <>
Wed Jun 20 23:10:08 CEST 2012


Hi Klake,

Is the problem related to predictable seeding of random (set to {A,B,C} = erlang:now() at some point) or is it a bigger break in taking a series of outputs from random:uniform and working out the internal state from that? Just trying to figure out if kallez's attack is a brute force discovery of a weak seed, or if it's a more complete break of the generator itself given an unknown seed.

Cheers,
-Geoff

On 2012-06-20, at 13:58 , Claes Wikstrom wrote:

> 
> I just posted the following note on the Yaws list, all of you
> using Yaws for production with cookie based auth need to take action.
> Actually, anyone using random:uniform/1 for anything security related
> need to pay attention.
> 
> /klacke
> 
> ---------------
> 
> 
> Folks,
> 
> New yaws release which contains a fix to pretty serious security hole.
> The relevant relnote entry is:
> 
> Use crypto:rand_bytes() instead of the cryptographically weak random module. Swedish security consultant and cryptographer Kalle Zetterlund discovered a way to - given a sequence of cookies produced by yaws_session_server - predict the next session id. Thus providing a gaping security hole into yaws servers that use the yaws_session_server to maintain cookie based HTTP sessions (klacke/kallez)
> 
> 
> It's been almost 6 months since the last release, so this one also contains
> a long series of good fixes and improvements from a lot of good people.
> 
> Thanks everyone !!
> 
> 
> Code, release, relnotes, docs etc at http://yaws.hyber.org/
> 
> Yaws team -
> 
> /klacke/Steve/Christopher
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions

--
Geoff Cant







More information about the erlang-questions mailing list