Showing posts from March, 2014

A security bug in SymphonyCMS (Predictable Forgotten Password Token Generation)

(This issue is now raised in OSVDB.)

On the 20th October 2013, the SymphonyCMS project released version 2.3.4 of their Content Management System. The release included a security fix for an issue I’d found in their software. The bug made it much easier for people to gain unauthorised access to the SymphonyCMS administration pages. More about that in a moment.
The date of the release is also relevant: it’s a couple of days shy of 60 days after I had informed the development team of the issue. When I’d informed the team of the bug, I’d mentioned that I’d blog about the issue sometime on or after the 60 days had elapsed. (That was in line with my Responsible Disclosure policy at the time.)
Which product had the bug?
Symphony CMS is a web content management system, built in PHP. It appears to be used by several larger companies & organisations. Learn more here.
What was the bug?
The forgotten password functionality in v2.3.3 had a weakness. This meant an attacker could bypass the normal logi…