Closed Bug 814659 Opened 12 years ago Closed 11 years ago

[Homescreen] Vulnerability analysis issues - DoATAPI.js

Categories

(Firefox OS Graveyard :: Gaia::Everything.me, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(b2g18+ fixed, b2g18-v1.0.1 fixed)

RESOLVED FIXED

People

(Reporter: macajc, Assigned: evyatar)

Attachments

(1 file)

We have run an automated vulnerability analysis on the Gaia code. 
After manually filtering the results we have found the following possible issue on the Homescreen app:

* everything.me/js/api/DoATAPI.js

On lines 877 and 594 of DoATAPI.js the program uses insecure Randomness. Standard pseudo-random number generators cannot withstand cryptographic attacks.

875 var queryString = {};
876 (location.search || '').replace(/(?:[?&]|^)([^=]+)=([^&]*)/g, function(ig, k, v) {queryString[k] = v;})
877 return queryString["did"] || "web_" + (new Date()).getTime() + "" + Math.round(Math.random()*1234567890);
878 }

592
593 this.generateId = function() {
594 return SESSION_PREFIX + Math.round(Math.random()*1234567890);
595 };
596

The standard pseudorandom generator isn't good enough for anything that requires non-predictability.
If this is used for keeping track of a session at the server, a more robust generator should be used.
http://baagoe.org/en/w/index.php/Better_random_numbers_for_javascript
homescreen's everything.me/js/api/DoATAPI.js can be checked for a better way to implement this.
Assignee: nobody → ran
Assignee: ran → nobody
Component: Gaia::Homescreen → Gaia::Everything.me
> homescreen's everything.me/js/api/DoATAPI.js can be checked for a better way to implement this.

Sorry for the error. This should read "Calendar's js/ext/uuid.js can be checked for a better way to securely implement random number generation"
We'll implement the uuid.js to replace Math.random()
Blocks: 814663
Blocks: 814664
Assignee: nobody → evyatar
Attachment #707034 - Flags: review?(crdlc)
Attachment #707034 - Flags: approval-gaia-v1?(francisco.jordano)
Status: NEW → ASSIGNED
Comment on attachment 707034 [details]
Patch - redirect to github PR

ok from my side
Attachment #707034 - Flags: review?(crdlc) → review+
Nominating as tracking-b2g18 because it could represent a security issue.

The bug is reviewed, IMHO, we should accept it for v1-train.

Thanks,
F.
tracking-b2g18: --- → ?
Comment on attachment 707034 [details]
Patch - redirect to github PR

approving for v1-train.
Attachment #707034 - Flags: approval-gaia-v1?(francisco.jordano) → approval-gaia-v1+
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
382badc6261f37155b9876eb56aa6f97b4b73f83
(In reply to John Ford [:jhford] from comment #7)
> 382badc6261f37155b9876eb56aa6f97b4b73f83

v1-train: 382badc6261f37155b9876eb56aa6f97b4b73f83
Batch edit: bugs fixed on b2g18 since 1/25 branch of v1.0 are fixed on v1.0.1