
[SECURITY] CWE-338: Vulnerability in JHipster Kotlin #183

Closed
JLLeitschuh opened this issue Sep 13, 2019 · 3 comments

Comments

@JLLeitschuh

Due to the uncontrolled nature of the previous full disclosure of this vulnerability in jhipster-kotlin, this is a 0-day vulnerability disclosure for jhipster-kotlin.

See: jhipster/generator-jhipster#10401
GHSA-mwp6-j9wf-968c

There is currently no patch available at this time.


CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

JHipster is using an insecure source of randomness to generate all of its random values. JHipster relies upon Apache Commons Lang3 RandomStringUtils.

From the documentation:

Caveat: Instances of Random, upon which the implementation of this class relies, are not cryptographically secure.
- https://commons.apache.org/proper/commons-lang/javadocs/api-3.9/org/apache/commons/lang3/RandomStringUtils.html

Here are the examples of JHipster Kotlin's use of an insecure PRNG:

```kotlin
/**
 * Generate a password.
 *
 * @return the generated password.
 */
fun generatePassword(): String = RandomStringUtils.randomAlphanumeric(DEF_COUNT)
/**
 * Generate an activation key.
 *
 * @return the generated activation key.
 */
fun generateActivationKey(): String = RandomStringUtils.randomNumeric(DEF_COUNT)
/**
 * Generate a reset key.
 *
 * @return the generated reset key.
 */
fun generateResetKey(): String = RandomStringUtils.randomNumeric(DEF_COUNT)
<%_ if (authenticationType === 'session' && !reactive) { _%>
/**
 * Generate a unique series to validate a persistent token, used in the
 * authentication remember-me mechanism.
 *
 * @return the generated series data.
 */
fun generateSeriesData(): String = RandomStringUtils.randomAlphanumeric(DEF_COUNT)
/**
 * Generate a persistent token, used in the authentication remember-me mechanism.
 *
 * @return the generated token data.
 */
fun generateTokenData(): String = RandomStringUtils.randomAlphanumeric(DEF_COUNT)
```

Proof Of Concepts Already Exist

There has been a POC, public since March 3rd, 2018, of taking one RNG value generated by RandomStringUtils and reversing it to generate all of the past/future RNG values.

https://medium.com/@alex91ar/the-java-soothsayer-a-practical-application-for-insecure-randomness-c67b0cd148cd

POC Repository: https://github.com/alex91ar/randomstringutils

Potential Impact

Technical

All that is required is to get one password reset token from a JHipster-generated service and, using the POC above, you can reverse what all future password reset tokens generated by this server will be. This allows an attacker to pick and choose which account they would like to take over by sending password reset requests for targeted accounts.

@atomfrede
Member

I can provide the patch right now (like in the jhipster kotlin advisory) but someone needs to merge that, or we just merge the one from the advisory; sadly I don't have permission.

@pvliss
Contributor

pvliss commented Sep 14, 2019

I believe @sendilkumarn can merge

@atomfrede
Member

Until we have a new release there is a workaround everyone should apply asap. Change your RandomUtil.kt as follows.

It is important to exchange every call of RandomStringUtils.randomAlphanumeric with generateRandomAlphanumericString().

```kotlin
import java.security.SecureRandom
import org.apache.commons.lang3.RandomStringUtils

private const val DEF_COUNT = 20

object RandomUtil {
    // One SecureRandom instance shared by all generators, instead of the
    // java.util.Random that RandomStringUtils falls back to by default.
    private val secureRandom: SecureRandom = SecureRandom()

    init {
        // Force the instance to seed itself eagerly by drawing 64 bytes.
        // (byteArrayOf(64.toByte()) would allocate a single byte holding the value 64.)
        secureRandom.nextBytes(ByteArray(64))
    }

    private fun generateRandomAlphanumericString(): String {
        // random(count, start, end, letters, numbers, chars, random): start/end of 0
        // select the default character range; passing secureRandom replaces the
        // insecure default PRNG.
        return RandomStringUtils.random(DEF_COUNT, 0, 0, true, true, null, secureRandom)
    }

    /**
     * Generate a password.
     *
     * @return the generated password.
     */
    fun generatePassword(): String = generateRandomAlphanumericString()
}
```
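A fuller version of the same workaround, covering all five generators from the template above, including the numeric activation and reset keys that the snippet leaves out. This is an added example, not the project's code or atomfrede's patch; it assumes commons-lang3 3.x and DEF_COUNT = 20 as in the template.

```kotlin
import java.security.SecureRandom
import org.apache.commons.lang3.RandomStringUtils

private const val DEF_COUNT = 20

/**
 * Utility for generating random Strings.
 *
 * Every value is drawn from a single SecureRandom instance, so no generated
 * key can be used to predict earlier or later ones.
 */
object RandomUtil {
    private val secureRandom: SecureRandom = SecureRandom()

    init {
        // Seed eagerly at class initialisation rather than on first use.
        secureRandom.nextBytes(ByteArray(64))
    }

    // RandomStringUtils.random(count, start, end, letters, numbers, chars, random):
    // start/end of 0 select the default range, letters/numbers choose the alphabet,
    // and the explicit Random argument replaces the insecure shared default.
    private fun generateRandomAlphanumericString(): String =
        RandomStringUtils.random(DEF_COUNT, 0, 0, true, true, null, secureRandom)

    // Digits only, matching the output format of randomNumeric(DEF_COUNT).
    private fun generateRandomNumericString(): String =
        RandomStringUtils.random(DEF_COUNT, 0, 0, false, true, null, secureRandom)

    /** Generate a password. */
    fun generatePassword(): String = generateRandomAlphanumericString()

    /** Generate an activation key. */
    fun generateActivationKey(): String = generateRandomNumericString()

    /** Generate a reset key. */
    fun generateResetKey(): String = generateRandomNumericString()

    /** Generate a unique series to validate a persistent remember-me token. */
    fun generateSeriesData(): String = generateRandomAlphanumericString()

    /** Generate a persistent token for the remember-me mechanism. */
    fun generateTokenData(): String = generateRandomAlphanumericString()
}
```

A quick check after applying it is to grep the generated project for `RandomStringUtils.random` calls that do not pass a `SecureRandom` argument; any remaining one still uses the insecure default.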

atomfrede added a commit to atomfrede/jhipster-kotlin that referenced this issue Sep 15, 2019
atomfrede added a commit to atomfrede/jhipster-kotlin that referenced this issue Sep 24, 2019