FlyerTalk Forums - FlyerTalk Website security

FlyerTalk Forums (https://www.flyertalk.com/forum/index.php)

- Technical Support and Feedback (https://www.flyertalk.com/forum/technical-support-feedback-386/)

- - FlyerTalk Website security (https://www.flyertalk.com/forum/technical-support-feedback/1456977-flyertalk-website-security.html)

FlyerTalk Website security

Quote:

Originally Posted by Middle_Seat (Post 20553856)

FlyerTalk does not use SSL, and so its cookies are presumably easy to copy and therefore the bad guys can subsequently log into FT as you.

I took a look at the page code and found the following lines:

Quote:

<form action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">

<script type="text/javascript" src="http://ui.ibsrv.net/ibsrv/res/src:www.flyertalk.com/get/forum/clientscript/vbulletin_md5.js?v=376"></script>

It seems that FlyerTalk does not encrypt the login process either. Although the password hash is sent instead of the actual password, the function used is MD5 and there isn't any salting. This setup seems especially weak these days. I suppose an attacker could sniff the hash out of the open network and attempt some kind of dictionary attack against it, straight-out compromising the FT account and possibly others, if the password has been reused.

Quote:

Originally Posted by NameCoin (Post 20553968)

NameCoin is exactly right. These days MD5 are extraordinarily vulnerable to dictionary attacks especially since RockYou.com was hacked and 32+ million actual user passwords were made public. This dictionary is the gold standard and has allowed script kiddies to be credible hackers. Agree with others that FlyerTalk logins are a low value target, but salting the passwords is a relatively trivial task which would greatly improve the security.

Quote:

Originally Posted by Zarf4 (Post 20564209)

Hah, true, true. Fine, I'll suggest this to the board admins and we'll see what they say. :)

> I'll suggest this to the board admins and we'll see what they say.

We're all going to learn something important about the technical chops of the
board admins.

I moved these posts to their own thread, and will now move it to the Board Technical issues forum. In looking at the JavaScript that FT uses to hash passwords for login (and beautifying it to make it readable), we get:

Code:

var hexcase = 0;

var b64pad = "";

var chrsz = 8;



function hex_md5(A) {

    return binl2hex(core_md5(str2binl(A), A.length * chrsz))

}

function b64_md5(A) {

    return binl2b64(core_md5(str2binl(A), A.length * chrsz))

}

function str_md5(A) {

    return binl2str(core_md5(str2binl(A), A.length * chrsz))

}

function hex_hmac_md5(A, B) {

    return binl2hex(core_hmac_md5(A, B))

}

function b64_hmac_md5(A, B) {

    return binl2b64(core_hmac_md5(A, B))

}

function str_hmac_md5(A, B) {

    return binl2str(core_hmac_md5(A, B))

}

function core_md5(K, F) {

    K[F >> 5] |= 128 << ((F) % 32);

    K[(((F + 64) >>> 9) << 4) + 14] = F;

    var J = 1732584193;

    var I = -271733879;

    var H = -1732584194;

    var G = 271733878;

    for (var C = 0; C < K.length; C += 16) {

        var E = J;

        var D = I;

        var B = H;

        var A = G;

        J = md5_ff(J, I, H, G, K[C + 0], 7, -680876936);

        G = md5_ff(G, J, I, H, K[C + 1], 12, -389564586);

        H = md5_ff(H, G, J, I, K[C + 2], 17, 606105819);

        I = md5_ff(I, H, G, J, K[C + 3], 22, -1044525330);

        J = md5_ff(J, I, H, G, K[C + 4], 7, -176418897);

        G = md5_ff(G, J, I, H, K[C + 5], 12, 1200080426);

        H = md5_ff(H, G, J, I, K[C + 6], 17, -1473231341);

        I = md5_ff(I, H, G, J, K[C + 7], 22, -45705983);

        J = md5_ff(J, I, H, G, K[C + 8], 7, 1770035416);

        G = md5_ff(G, J, I, H, K[C + 9], 12, -1958414417);

        H = md5_ff(H, G, J, I, K[C + 10], 17, -42063);

        I = md5_ff(I, H, G, J, K[C + 11], 22, -1990404162);

        J = md5_ff(J, I, H, G, K[C + 12], 7, 1804603682);

        G = md5_ff(G, J, I, H, K[C + 13], 12, -40341101);

        H = md5_ff(H, G, J, I, K[C + 14], 17, -1502002290);

        I = md5_ff(I, H, G, J, K[C + 15], 22, 1236535329);

        J = md5_gg(J, I, H, G, K[C + 1], 5, -165796510);

        G = md5_gg(G, J, I, H, K[C + 6], 9, -1069501632);

        H = md5_gg(H, G, J, I, K[C + 11], 14, 643717713);

        I = md5_gg(I, H, G, J, K[C + 0], 20, -373897302);

        J = md5_gg(J, I, H, G, K[C + 5], 5, -701558691);

        G = md5_gg(G, J, I, H, K[C + 10], 9, 38016083);

        H = md5_gg(H, G, J, I, K[C + 15], 14, -660478335);

        I = md5_gg(I, H, G, J, K[C + 4], 20, -405537848);

        J = md5_gg(J, I, H, G, K[C + 9], 5, 568446438);

        G = md5_gg(G, J, I, H, K[C + 14], 9, -1019803690);

        H = md5_gg(H, G, J, I, K[C + 3], 14, -187363961);

        I = md5_gg(I, H, G, J, K[C + 8], 20, 1163531501);

        J = md5_gg(J, I, H, G, K[C + 13], 5, -1444681467);

        G = md5_gg(G, J, I, H, K[C + 2], 9, -51403784);

        H = md5_gg(H, G, J, I, K[C + 7], 14, 1735328473);

        I = md5_gg(I, H, G, J, K[C + 12], 20, -1926607734);

        J = md5_hh(J, I, H, G, K[C + 5], 4, -378558);

        G = md5_hh(G, J, I, H, K[C + 8], 11, -2022574463);

        H = md5_hh(H, G, J, I, K[C + 11], 16, 1839030562);

        I = md5_hh(I, H, G, J, K[C + 14], 23, -35309556);

        J = md5_hh(J, I, H, G, K[C + 1], 4, -1530992060);

        G = md5_hh(G, J, I, H, K[C + 4], 11, 1272893353);

        H = md5_hh(H, G, J, I, K[C + 7], 16, -155497632);

        I = md5_hh(I, H, G, J, K[C + 10], 23, -1094730640);

        J = md5_hh(J, I, H, G, K[C + 13], 4, 681279174);

        G = md5_hh(G, J, I, H, K[C + 0], 11, -358537222);

        H = md5_hh(H, G, J, I, K[C + 3], 16, -722521979);

        I = md5_hh(I, H, G, J, K[C + 6], 23, 76029189);

        J = md5_hh(J, I, H, G, K[C + 9], 4, -640364487);

        G = md5_hh(G, J, I, H, K[C + 12], 11, -421815835);

        H = md5_hh(H, G, J, I, K[C + 15], 16, 530742520);

        I = md5_hh(I, H, G, J, K[C + 2], 23, -995338651);

        J = md5_ii(J, I, H, G, K[C + 0], 6, -198630844);

        G = md5_ii(G, J, I, H, K[C + 7], 10, 1126891415);

        H = md5_ii(H, G, J, I, K[C + 14], 15, -1416354905);

        I = md5_ii(I, H, G, J, K[C + 5], 21, -57434055);

        J = md5_ii(J, I, H, G, K[C + 12], 6, 1700485571);

        G = md5_ii(G, J, I, H, K[C + 3], 10, -1894986606);

        H = md5_ii(H, G, J, I, K[C + 10], 15, -1051523);

        I = md5_ii(I, H, G, J, K[C + 1], 21, -2054922799);

        J = md5_ii(J, I, H, G, K[C + 8], 6, 1873313359);

        G = md5_ii(G, J, I, H, K[C + 15], 10, -30611744);

        H = md5_ii(H, G, J, I, K[C + 6], 15, -1560198380);

        I = md5_ii(I, H, G, J, K[C + 13], 21, 1309151649);

        J = md5_ii(J, I, H, G, K[C + 4], 6, -145523070);

        G = md5_ii(G, J, I, H, K[C + 11], 10, -1120210379);

        H = md5_ii(H, G, J, I, K[C + 2], 15, 718787259);

        I = md5_ii(I, H, G, J, K[C + 9], 21, -343485551);

        J = safe_add(J, E);

        I = safe_add(I, D);

        H = safe_add(H, B);

        G = safe_add(G, A)

    }

    return Array(J, I, H, G)

}

function md5_cmn(F, C, B, A, E, D) {

    return safe_add(bit_rol(safe_add(safe_add(C, F), safe_add(A, D)), E), B)

}

function md5_ff(C, B, G, F, A, E, D) {

    return md5_cmn((B & G) | ((~B) & F), C, B, A, E, D)

}

function md5_gg(C, B, G, F, A, E, D) {

    return md5_cmn((B & F) | (G & (~F)), C, B, A, E, D)

}

function md5_hh(C, B, G, F, A, E, D) {

    return md5_cmn(B ^ G ^ F, C, B, A, E, D)

}

function md5_ii(C, B, G, F, A, E, D) {

    return md5_cmn(G ^ (B | (~F)), C, B, A, E, D)

}

function core_hmac_md5(C, F) {

    var E = str2binl(C);

    if (E.length > 16) {

        E = core_md5(E, C.length * chrsz)

    }

    var A = Array(16),

        D = Array(16);

    for (var B = 0; B < 16; B++) {

        A[B] = E[B] ^ 909522486;

        D[B] = E[B] ^ 1549556828

    }

    var G = core_md5(A.concat(str2binl(F)), 512 + F.length * chrsz);

    return core_md5(D.concat(G), 512 + 128)

}

function safe_add(A, D) {

    var C = (A & 65535) + (D & 65535);

    var B = (A >> 16) + (D >> 16) + (C >> 16);

    return (B << 16) | (C & 65535)

}

function bit_rol(A, B) {

    return (A << B) | (A >>> (32 - B))

}

function str2binl(D) {

    var C = new Array();

    var A = (1 << chrsz) - 1;

    for (var B = 0; B < D.length * chrsz; B += chrsz) {

        C[B >> 5] |= (D.charCodeAt(B / chrsz) & A) << (B % 32)

    }

    return C

}

function binl2str(C) {

    var D = "";

    var A = (1 << chrsz) - 1;

    for (var B = 0; B < C.length * 32; B += chrsz) {

        D += String.fromCharCode((C[B >> 5] >>> (B % 32)) & A)

    }

    return D

}

function binl2hex(C) {

    var B = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";

    var D = "";

    for (var A = 0; A < C.length * 4; A++) {

        D += B.charAt((C[A >> 2] >> ((A % 4) * 8 + 4)) & 15) + B.charAt((C[A >> 2] >> ((A % 4) * 8)) & 15)

    }

    return D

}

function binl2b64(D) {

    var C = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

    var F = "";

    for (var B = 0; B < D.length * 4; B += 3) {

        var E = (((D[B >> 2] >> 8 * (B % 4)) & 255) << 16) | (((D[B + 1 >> 2] >> 8 * ((B + 1) % 4)) & 255) << 8) | ((D[B + 2 >> 2] >> 8 * ((B + 2) % 4)) & 255);

        for (var A = 0; A < 4; A++) {

            if (B * 8 + A * 6 > D.length * 32) {

                F += b64pad

            } else {

                F += C.charAt((E >> 6 * (3 - A)) & 63)

            }

        }

    }

    return F

}

function str_to_ent(D) {

    var A = "";

    var C;

    for (C = 0; C < D.length; C++) {

        var E = D.charCodeAt(C);

        var B = "";

        if (E > 255) {

            while (E >= 1) {

                B = "0123456789".charAt(E % 10) + B;

                E = E / 10

            }

            if (B == "") {

                B = "0"

            }

            B = "#" + B;

            B = "&" + B;

            B = B + ";";

            A += B

        } else {

            A += D.charAt(C)

        }

    }

    return A

}

function trim(A) {

    while (A.substring(0, 1) == " ") {

        A = A.substring(1, A.length)

    }

    while (A.substring(A.length - 1, A.length) == " ") {

        A = A.substring(0, A.length - 1)

    }

    return A

}

function md5hash(B, A, E, C) {

    if (navigator.userAgent.indexOf("Mozilla/") == 0 && parseInt(navigator.appVersion) >= 4) {

        var D = hex_md5(str_to_ent(trim(B.value)));

        A.value = D;

        if (E) {

            D = hex_md5(trim(B.value));

            E.value = D

        }

        if (!C) {

            B.value = ""

        }

    }

    return true

}

This is beyond my ken. As mentioned above, I asked the admins for comment and this was the reply:

Quote:

Originally Posted by IBxAnders

1) FT does not currently store very valuable private information that requires SSL; we don't collect medical or credit card data. SSL may be a good practice - but, perhaps an overkill. There are very few SSL'ed vBulletin sites.

2) Unsalted hash? Passwords are salted and encrypted well. Even if you received a copy of the database, decryption of the password field would be very difficult, although as with anything - not impossible.

I will give him the link to this thread if he'd like to wade in with y'all. :)

Quote:

vb_login_username=username&vb_login_password=&vb_l ogin_password_text=Password&s=&securitytoken=guest &do=login&vb_login_md5password=3c41ff681c1e3dcb68b 4d8573bf1c74c&vb_login_md5password_utf=3c41ff681c1 e3dcb68b4d8573bf1c74c

You can clearly see that I tried to login as "username". Now, instead of seeing the password in the clear, you see its MD5 hash: "3c41ff681c1e3dcb68b4d8573bf1c74c". The problem is that MD5 has been pretty well-studied and is considered to be very weak (e.g. collision attacks, pre-image attacks, etc...). There are also loads of lookup tables. In this example, you can go to http://www.md5-lookup.com/ and put in the hash mentioned above. It returns "thepassword" as the original string.

---------

I think that my post at the very top was taken in the context of the security of financial information over an open wireless internet connection. While it can be secure, my point was that usage of less sensitive sites (like FlyerTalk) can create a side security issue for people who reuse login information.

Quote:

Originally Posted by NameCoin (Post 20627581)

Sorry to revive a dead post. I forgot about this.

My original comment was actually to point out the fact that on the client side, the FlyerTalk forum does not do anything too sophisticated to login information. Here is an example: I tried to login as user "username" whose password is "thepassword". This is information from a packet I sniffed out:

You can clearly see that I tried to login as "username". Now, instead of seeing the password in the clear, you see its MD5 hash: "3c41ff681c1e3dcb68b4d8573bf1c74c". The problem is that MD5 has been pretty well-studied and is considered to be very weak (e.g. collision attacks, pre-image attacks, etc...). There are also loads of lookup tables. In this example, you can go to http://www.md5-lookup.com/ and put in the hash mentioned above. It returns "thepassword" as the original string.

---------

I think that my post at the very top was taken in the context of the security of financial information over an open wireless internet connection. While it can be secure, my point was that usage of less sensitive sites (like FlyerTalk) can create a side security issue for people who reuse login information.

That's actually pretty scary.

Fortunately, I almost never need to actually "log in" to FlyerTalk, as I am on FT frequently enough that my login session never times out. (I assume my password isn't being stored in a cookie somewhere and transmitted occasionally but rather some session ID is stored that--while it possibly could be spoofed to gain access to my FT account--won't compromise my actual password.)

IB, what are you going to do about this?

Quote:

Originally Posted by jackal (Post 20788909)

Answered here on 4/9:

http://www.flyertalk.com/forum/20564390-post1607.html

Short answer: logins are secure.

Quote:

Originally Posted by IBobi (Post 20790159)

Answered here on 4/9:

http://www.flyertalk.com/forum/20564390-post1607.html

Short answer: logins are secure.

Different issue.

You're talking about salting the database the passwords are stored in on your servers.

NameCoin is talking about the hash of the password as it is sent from our browsers to your servers during the login process--and he proved that it was easily broken.

Quote:

Originally Posted by jackal (Post 20790264)

If you are on a network that has been compromised and packets are actively being sniffed - then yes, a hacker can absolutely intercept and decode a password, not only for Flyertalk - but almost every forum and other web app.

We are not currently planning on putting the entire site behind an HTTPS proxy, nor re-writing core vBulletin components for additional encryption. While the perceived threat is real if some conditions are met, the use-case is not direct and I do not think presents a danger.

Quote:

Originally Posted by IBxAnders (Post 20790363)

Most every other site that asks me to submit a password has at least an encrypted login screen (if the entire site isn't encrypted), whether it's banking, email, or even Facebook. I'm hard-pressed to think of another site I use with any regularity that presents a possible threat of sniffing my password in [almost] clear-text.

It is extremely dangerous for you to tell people "don't worry, that coffee shop network you're using is probably secure." You should never assume that. Always treat browsing the Internet in a public place as if someone is looking over your shoulder at all times. I think you need to have a serious talk with your product people and rethink your entire company's approach to security. The lackadaisical attitude I'm seeing towards it is not very comforting to me.

Quote:

Originally Posted by jackal (Post 20790910)

Facts are:

- We will evaluate the improvement request, it's a valid request.
- This is not an emergency: this is an improvement request to prevent a potential vector if your network is already compromised.

Quote:

Originally Posted by IBxAnders (Post 20791090)

This is not an emergency: this is an improvement request to prevent a potential vector if your network is already compromised.

Keep in mind that this is FlyerTalk. A large number of us travel a lot and use public wifi hotspots across the globe. Keep your audience in mind when prioritizing this request.

--Posted from a public wifi spot in Panama City, Panama and hoping my account remains secure

Quick update on this request:

HTTPS / SSL is now available on Flyertalk. It is not yet made a default choice for all users, but those that wish to use the secure version may do so by manually requesting the forum via https instead of http.

Global mandatory rollout requires additional time due to obvious use-cases where we need to rebuild several components needed to support SSL.

But again - those that would like to use the SSL version, may do so via manually altering the URL (once) to HTTPS instead of HTTP.

For example: https://www.flyertalk.com/forum/tech...-security.html

Thank you

Quote:

Originally Posted by IBxAnders (Post 20916792)

EXCELLENT NEWS! ^^^

I look forward to being able to turn it on globally, but for now, when I am in a public place, I will use the secure login page and rest much easier using FT. :)