Skip to content

Insecure Password Storage Using MD5 Hash Algorithm in ThreadController.php #8

Description

@KanjiHall

Summary:

I found a security vulnerability in PHPWind's source code in the file \phpwind\upload\src\applications\native\controller\ThreadController.php. The code uses the MD5 hash algorithm to store user passwords, which is considered insecure.

Vulnerability Description:

MD5 is an outdated and cryptographically insecure hashing algorithm. It is susceptible to brute-force attacks and collisions, which means attackers can easily reverse-engineer MD5 hashes to retrieve plaintext passwords.

if ($pwforum->foruminfo['password']) {//设置了版块访问密码
            if (!$this->loginUser->isExists()) {
//                $this->forwardAction('u/login/run', array('backurl' => WindUrlHelper::createUrl('bbs/cate/run', array('fid' => $fid))));
                $this->showError('该版块为加密版块您需要先登录才能访问!');
            } else if(!isset($_GET['password'])||empty($_GET['password'])){//提示输入密码
                $data = array('page_info'=>array(),'user_info'=>array('uid'=>$this->uid,'isjoin'=>$forum_isjoin,'forum_login'=>0),'forum_info'=>'','threads_list'=>array());
                $this->setOutput($data,'data');
                $this->showMessage('NATIVE:data.success');
            }elseif (Pw::getPwdCode($pwforum->foruminfo['password']) != Pw::getPwdCode(**md5($_GET['password']))**) {//密码错误
//                $this->forwardAction('bbs/forum/password', array('fid' => $fid));
                $data = array('page_info'=>array(),'user_info'=>array('uid'=>$this->uid,'isjoin'=>$forum_isjoin,'forum_login'=>1),'forum_info'=>'','threads_list'=>array());
                $this->setOutput($data,'data');
                $this->showMessage('NATIVE:data.success');
            } 
        }

Impact:

This vulnerability exposes user passwords to potential compromise and puts the security of the entire PHPWind application at risk.

Recommendation:

I recommend updating the password storage mechanism to use a more secure hashing algorithm such as bcrypt, Argon2, or at least SHA-256 with a salt. These algorithms provide better protection against brute-force and collision attacks.

Additional Information:

The issue is present in the ThreadController.php file in the source code of PHPWind.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions