FlyerTalk Website security
#1
Original Poster
Join Date: Apr 2013
Location: LAX
Posts: 63
FlyerTalk Website security
<!-- login form -->
<form action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
<script type="text/javascript" src="http://ui.ibsrv.net/ibsrv/res/src:www.flyertalk.com/get/forum/clientscript/vbulletin_md5.js?v=376"></script>
<form action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
<script type="text/javascript" src="http://ui.ibsrv.net/ibsrv/res/src:www.flyertalk.com/get/forum/clientscript/vbulletin_md5.js?v=376"></script>
#2
Join Date: Aug 2005
Location: SNA Rwy 20L
Programs: QF Silver
Posts: 703
It seems that FlyerTalk does not encrypt the login process either. Although the password hash is sent instead of the actual password, the function used is MD5 and there isn't any salting. This setup seems especially weak these days. I suppose an attacker could sniff the hash out of the open network and attempt some kind of dictionary attack against it, straight-out compromising the FT account and possibly others, if the password has been reused.
#3
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
NameCoin is exactly right. These days MD5 are extraordinarily vulnerable to dictionary attacks especially since RockYou.com was hacked and 32+ million actual user passwords were made public. This dictionary is the gold standard and has allowed script kiddies to be credible hackers. Agree with others that FlyerTalk logins are a low value target, but salting the passwords is a relatively trivial task which would greatly improve the security.
#5
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
I moved these posts to their own thread, and will now move it to the Board Technical issues forum. In looking at the JavaScript that FT uses to hash passwords for login (and beautifying it to make it readable), we get:
This is beyond my ken. As mentioned above, I asked the admins for comment and this was the reply:
I will give him the link to this thread if he'd like to wade in with y'all.
Code:
var hexcase = 0; var b64pad = ""; var chrsz = 8; function hex_md5(A) { return binl2hex(core_md5(str2binl(A), A.length * chrsz)) } function b64_md5(A) { return binl2b64(core_md5(str2binl(A), A.length * chrsz)) } function str_md5(A) { return binl2str(core_md5(str2binl(A), A.length * chrsz)) } function hex_hmac_md5(A, B) { return binl2hex(core_hmac_md5(A, B)) } function b64_hmac_md5(A, B) { return binl2b64(core_hmac_md5(A, B)) } function str_hmac_md5(A, B) { return binl2str(core_hmac_md5(A, B)) } function core_md5(K, F) { K[F >> 5] |= 128 << ((F) % 32); K[(((F + 64) >>> 9) << 4) + 14] = F; var J = 1732584193; var I = -271733879; var H = -1732584194; var G = 271733878; for (var C = 0; C < K.length; C += 16) { var E = J; var D = I; var B = H; var A = G; J = md5_ff(J, I, H, G, K[C + 0], 7, -680876936); G = md5_ff(G, J, I, H, K[C + 1], 12, -389564586); H = md5_ff(H, G, J, I, K[C + 2], 17, 606105819); I = md5_ff(I, H, G, J, K[C + 3], 22, -1044525330); J = md5_ff(J, I, H, G, K[C + 4], 7, -176418897); G = md5_ff(G, J, I, H, K[C + 5], 12, 1200080426); H = md5_ff(H, G, J, I, K[C + 6], 17, -1473231341); I = md5_ff(I, H, G, J, K[C + 7], 22, -45705983); J = md5_ff(J, I, H, G, K[C + 8], 7, 1770035416); G = md5_ff(G, J, I, H, K[C + 9], 12, -1958414417); H = md5_ff(H, G, J, I, K[C + 10], 17, -42063); I = md5_ff(I, H, G, J, K[C + 11], 22, -1990404162); J = md5_ff(J, I, H, G, K[C + 12], 7, 1804603682); G = md5_ff(G, J, I, H, K[C + 13], 12, -40341101); H = md5_ff(H, G, J, I, K[C + 14], 17, -1502002290); I = md5_ff(I, H, G, J, K[C + 15], 22, 1236535329); J = md5_gg(J, I, H, G, K[C + 1], 5, -165796510); G = md5_gg(G, J, I, H, K[C + 6], 9, -1069501632); H = md5_gg(H, G, J, I, K[C + 11], 14, 643717713); I = md5_gg(I, H, G, J, K[C + 0], 20, -373897302); J = md5_gg(J, I, H, G, K[C + 5], 5, -701558691); G = md5_gg(G, J, I, H, K[C + 10], 9, 38016083); H = md5_gg(H, G, J, I, K[C + 15], 14, -660478335); I = md5_gg(I, H, G, J, K[C + 4], 20, -405537848); J = md5_gg(J, I, H, G, K[C + 9], 5, 568446438); G = md5_gg(G, J, I, H, K[C + 14], 9, -1019803690); H = md5_gg(H, G, J, I, K[C + 3], 14, -187363961); I = md5_gg(I, H, G, J, K[C + 8], 20, 1163531501); J = md5_gg(J, I, H, G, K[C + 13], 5, -1444681467); G = md5_gg(G, J, I, H, K[C + 2], 9, -51403784); H = md5_gg(H, G, J, I, K[C + 7], 14, 1735328473); I = md5_gg(I, H, G, J, K[C + 12], 20, -1926607734); J = md5_hh(J, I, H, G, K[C + 5], 4, -378558); G = md5_hh(G, J, I, H, K[C + 8], 11, -2022574463); H = md5_hh(H, G, J, I, K[C + 11], 16, 1839030562); I = md5_hh(I, H, G, J, K[C + 14], 23, -35309556); J = md5_hh(J, I, H, G, K[C + 1], 4, -1530992060); G = md5_hh(G, J, I, H, K[C + 4], 11, 1272893353); H = md5_hh(H, G, J, I, K[C + 7], 16, -155497632); I = md5_hh(I, H, G, J, K[C + 10], 23, -1094730640); J = md5_hh(J, I, H, G, K[C + 13], 4, 681279174); G = md5_hh(G, J, I, H, K[C + 0], 11, -358537222); H = md5_hh(H, G, J, I, K[C + 3], 16, -722521979); I = md5_hh(I, H, G, J, K[C + 6], 23, 76029189); J = md5_hh(J, I, H, G, K[C + 9], 4, -640364487); G = md5_hh(G, J, I, H, K[C + 12], 11, -421815835); H = md5_hh(H, G, J, I, K[C + 15], 16, 530742520); I = md5_hh(I, H, G, J, K[C + 2], 23, -995338651); J = md5_ii(J, I, H, G, K[C + 0], 6, -198630844); G = md5_ii(G, J, I, H, K[C + 7], 10, 1126891415); H = md5_ii(H, G, J, I, K[C + 14], 15, -1416354905); I = md5_ii(I, H, G, J, K[C + 5], 21, -57434055); J = md5_ii(J, I, H, G, K[C + 12], 6, 1700485571); G = md5_ii(G, J, I, H, K[C + 3], 10, -1894986606); H = md5_ii(H, G, J, I, K[C + 10], 15, -1051523); I = md5_ii(I, H, G, J, K[C + 1], 21, -2054922799); J = md5_ii(J, I, H, G, K[C + 8], 6, 1873313359); G = md5_ii(G, J, I, H, K[C + 15], 10, -30611744); H = md5_ii(H, G, J, I, K[C + 6], 15, -1560198380); I = md5_ii(I, H, G, J, K[C + 13], 21, 1309151649); J = md5_ii(J, I, H, G, K[C + 4], 6, -145523070); G = md5_ii(G, J, I, H, K[C + 11], 10, -1120210379); H = md5_ii(H, G, J, I, K[C + 2], 15, 718787259); I = md5_ii(I, H, G, J, K[C + 9], 21, -343485551); J = safe_add(J, E); I = safe_add(I, D); H = safe_add(H, B); G = safe_add(G, A) } return Array(J, I, H, G) } function md5_cmn(F, C, B, A, E, D) { return safe_add(bit_rol(safe_add(safe_add(C, F), safe_add(A, D)), E), B) } function md5_ff(C, B, G, F, A, E, D) { return md5_cmn((B & G) | ((~B) & F), C, B, A, E, D) } function md5_gg(C, B, G, F, A, E, D) { return md5_cmn((B & F) | (G & (~F)), C, B, A, E, D) } function md5_hh(C, B, G, F, A, E, D) { return md5_cmn(B ^ G ^ F, C, B, A, E, D) } function md5_ii(C, B, G, F, A, E, D) { return md5_cmn(G ^ (B | (~F)), C, B, A, E, D) } function core_hmac_md5(C, F) { var E = str2binl(C); if (E.length > 16) { E = core_md5(E, C.length * chrsz) } var A = Array(16), D = Array(16); for (var B = 0; B < 16; B++) { A[B] = E[B] ^ 909522486; D[B] = E[B] ^ 1549556828 } var G = core_md5(A.concat(str2binl(F)), 512 + F.length * chrsz); return core_md5(D.concat(G), 512 + 128) } function safe_add(A, D) { var C = (A & 65535) + (D & 65535); var B = (A >> 16) + (D >> 16) + (C >> 16); return (B << 16) | (C & 65535) } function bit_rol(A, B) { return (A << B) | (A >>> (32 - B)) } function str2binl(D) { var C = new Array(); var A = (1 << chrsz) - 1; for (var B = 0; B < D.length * chrsz; B += chrsz) { C[B >> 5] |= (D.charCodeAt(B / chrsz) & A) << (B % 32) } return C } function binl2str(C) { var D = ""; var A = (1 << chrsz) - 1; for (var B = 0; B < C.length * 32; B += chrsz) { D += String.fromCharCode((C[B >> 5] >>> (B % 32)) & A) } return D } function binl2hex(C) { var B = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; var D = ""; for (var A = 0; A < C.length * 4; A++) { D += B.charAt((C[A >> 2] >> ((A % 4) * 8 + 4)) & 15) + B.charAt((C[A >> 2] >> ((A % 4) * 8)) & 15) } return D } function binl2b64(D) { var C = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; var F = ""; for (var B = 0; B < D.length * 4; B += 3) { var E = (((D[B >> 2] >> 8 * (B % 4)) & 255) << 16) | (((D[B + 1 >> 2] >> 8 * ((B + 1) % 4)) & 255) << 8) | ((D[B + 2 >> 2] >> 8 * ((B + 2) % 4)) & 255); for (var A = 0; A < 4; A++) { if (B * 8 + A * 6 > D.length * 32) { F += b64pad } else { F += C.charAt((E >> 6 * (3 - A)) & 63) } } } return F } function str_to_ent(D) { var A = ""; var C; for (C = 0; C < D.length; C++) { var E = D.charCodeAt(C); var B = ""; if (E > 255) { while (E >= 1) { B = "0123456789".charAt(E % 10) + B; E = E / 10 } if (B == "") { B = "0" } B = "#" + B; B = "&" + B; B = B + ";"; A += B } else { A += D.charAt(C) } } return A } function trim(A) { while (A.substring(0, 1) == " ") { A = A.substring(1, A.length) } while (A.substring(A.length - 1, A.length) == " ") { A = A.substring(0, A.length - 1) } return A } function md5hash(B, A, E, C) { if (navigator.userAgent.indexOf("Mozilla/") == 0 && parseInt(navigator.appVersion) >= 4) { var D = hex_md5(str_to_ent(trim(B.value))); A.value = D; if (E) { D = hex_md5(trim(B.value)); E.value = D } if (!C) { B.value = "" } } return true }
Originally Posted by IBxAnders
1) FT does not currently store very valuable private information that requires SSL; we don't collect medical or credit card data. SSL may be a good practice - but, perhaps an overkill. There are very few SSL'ed vBulletin sites.
2) Unsalted hash? Passwords are salted and encrypted well. Even if you received a copy of the database, decryption of the password field would be very difficult, although as with anything - not impossible.
2) Unsalted hash? Passwords are salted and encrypted well. Even if you received a copy of the database, decryption of the password field would be very difficult, although as with anything - not impossible.
#6
Original Poster
Join Date: Apr 2013
Location: LAX
Posts: 63
Sorry to revive a dead post. I forgot about this.
My original comment was actually to point out the fact that on the client side, the FlyerTalk forum does not do anything too sophisticated to login information. Here is an example: I tried to login as user "username" whose password is "thepassword". This is information from a packet I sniffed out:
You can clearly see that I tried to login as "username". Now, instead of seeing the password in the clear, you see its MD5 hash: "3c41ff681c1e3dcb68b4d8573bf1c74c". The problem is that MD5 has been pretty well-studied and is considered to be very weak (e.g. collision attacks, pre-image attacks, etc...). There are also loads of lookup tables. In this example, you can go to http://www.md5-lookup.com/ and put in the hash mentioned above. It returns "thepassword" as the original string.
---------
I think that my post at the very top was taken in the context of the security of financial information over an open wireless internet connection. While it can be secure, my point was that usage of less sensitive sites (like FlyerTalk) can create a side security issue for people who reuse login information.
My original comment was actually to point out the fact that on the client side, the FlyerTalk forum does not do anything too sophisticated to login information. Here is an example: I tried to login as user "username" whose password is "thepassword". This is information from a packet I sniffed out:
vb_login_username=username&vb_login_password=&vb_l ogin_password_text=Password&s=&securitytoken=guest &do=login&vb_login_md5password=3c41ff681c1e3dcb68b 4d8573bf1c74c&vb_login_md5password_utf=3c41ff681c1 e3dcb68b4d8573bf1c74c
---------
I think that my post at the very top was taken in the context of the security of financial information over an open wireless internet connection. While it can be secure, my point was that usage of less sensitive sites (like FlyerTalk) can create a side security issue for people who reuse login information.
Last edited by NameCoin; Apr 21, 2013 at 9:46 am
#7
FlyerTalk Evangelist
Join Date: Mar 2004
Location: SGF
Programs: AS, AA, UA, AGR S (former 75K, GLD, 1K, and S+, now an elite peon)
Posts: 23,195
Sorry to revive a dead post. I forgot about this.
My original comment was actually to point out the fact that on the client side, the FlyerTalk forum does not do anything too sophisticated to login information. Here is an example: I tried to login as user "username" whose password is "thepassword". This is information from a packet I sniffed out:
You can clearly see that I tried to login as "username". Now, instead of seeing the password in the clear, you see its MD5 hash: "3c41ff681c1e3dcb68b4d8573bf1c74c". The problem is that MD5 has been pretty well-studied and is considered to be very weak (e.g. collision attacks, pre-image attacks, etc...). There are also loads of lookup tables. In this example, you can go to http://www.md5-lookup.com/ and put in the hash mentioned above. It returns "thepassword" as the original string.
---------
I think that my post at the very top was taken in the context of the security of financial information over an open wireless internet connection. While it can be secure, my point was that usage of less sensitive sites (like FlyerTalk) can create a side security issue for people who reuse login information.
My original comment was actually to point out the fact that on the client side, the FlyerTalk forum does not do anything too sophisticated to login information. Here is an example: I tried to login as user "username" whose password is "thepassword". This is information from a packet I sniffed out:
You can clearly see that I tried to login as "username". Now, instead of seeing the password in the clear, you see its MD5 hash: "3c41ff681c1e3dcb68b4d8573bf1c74c". The problem is that MD5 has been pretty well-studied and is considered to be very weak (e.g. collision attacks, pre-image attacks, etc...). There are also loads of lookup tables. In this example, you can go to http://www.md5-lookup.com/ and put in the hash mentioned above. It returns "thepassword" as the original string.
---------
I think that my post at the very top was taken in the context of the security of financial information over an open wireless internet connection. While it can be secure, my point was that usage of less sensitive sites (like FlyerTalk) can create a side security issue for people who reuse login information.
Fortunately, I almost never need to actually "log in" to FlyerTalk, as I am on FT frequently enough that my login session never times out. (I assume my password isn't being stored in a cookie somewhere and transmitted occasionally but rather some session ID is stored that--while it possibly could be spoofed to gain access to my FT account--won't compromise my actual password.)
IB, what are you going to do about this?
#8
No longer with Internet Brands
Join Date: Mar 2011
Location: Los Angeles, CA
Programs: DL DM 1.6MM, Marriott LT Plat
Posts: 5,343
That's actually pretty scary.
Fortunately, I almost never need to actually "log in" to FlyerTalk, as I am on FT frequently enough that my login session never times out. (I assume my password isn't being stored in a cookie somewhere and transmitted occasionally but rather some session ID is stored that--while it possibly could be spoofed to gain access to my FT account--won't compromise my actual password.)
IB, what are you going to do about this?
Fortunately, I almost never need to actually "log in" to FlyerTalk, as I am on FT frequently enough that my login session never times out. (I assume my password isn't being stored in a cookie somewhere and transmitted occasionally but rather some session ID is stored that--while it possibly could be spoofed to gain access to my FT account--won't compromise my actual password.)
IB, what are you going to do about this?
http://www.flyertalk.com/forum/20564390-post1607.html
Short answer: logins are secure.
#9
FlyerTalk Evangelist
Join Date: Mar 2004
Location: SGF
Programs: AS, AA, UA, AGR S (former 75K, GLD, 1K, and S+, now an elite peon)
Posts: 23,195
Answered here on 4/9:
http://www.flyertalk.com/forum/20564390-post1607.html
Short answer: logins are secure.
http://www.flyertalk.com/forum/20564390-post1607.html
Short answer: logins are secure.
You're talking about salting the database the passwords are stored in on your servers.
NameCoin is talking about the hash of the password as it is sent from our browsers to your servers during the login process--and he proved that it was easily broken.
#10
Administrator
Join Date: Apr 2008
Location: Los Angeles, CA
Programs: SPG
Posts: 607
We are not currently planning on putting the entire site behind an HTTPS proxy, nor re-writing core vBulletin components for additional encryption. While the perceived threat is real if some conditions are met, the use-case is not direct and I do not think presents a danger.
#11
FlyerTalk Evangelist
Join Date: Mar 2004
Location: SGF
Programs: AS, AA, UA, AGR S (former 75K, GLD, 1K, and S+, now an elite peon)
Posts: 23,195
If you are on a network that has been compromised and packets are actively being sniffed - then yes, a hacker can absolutely intercept and decode a password, not only for Flyertalk - but almost every forum and other web app.
We are not currently planning on putting the entire site behind an HTTPS proxy, nor re-writing core vBulletin components for additional encryption. While the perceived threat is real if some conditions are met, the use-case is not direct and I do not think presents a danger.
We are not currently planning on putting the entire site behind an HTTPS proxy, nor re-writing core vBulletin components for additional encryption. While the perceived threat is real if some conditions are met, the use-case is not direct and I do not think presents a danger.
It is extremely dangerous for you to tell people "don't worry, that coffee shop network you're using is probably secure." You should never assume that. Always treat browsing the Internet in a public place as if someone is looking over your shoulder at all times. I think you need to have a serious talk with your product people and rethink your entire company's approach to security. The lackadaisical attitude I'm seeing towards it is not very comforting to me.
#12
Administrator
Join Date: Apr 2008
Location: Los Angeles, CA
Programs: SPG
Posts: 607
Most every other site that asks me to submit a password has at least an encrypted login screen (if the entire site isn't encrypted), whether it's banking, email, or even Facebook. I'm hard-pressed to think of another site I use with any regularity that presents a possible threat of sniffing my password in [almost] clear-text.
It is extremely dangerous for you to tell people "don't worry, that coffee shop network you're using is probably secure." You should never assume that. Always treat browsing the Internet in a public place as if someone is looking over your shoulder at all times. I think you need to have a serious talk with your product people and rethink your entire company's approach to security. The lackadaisical attitude I'm seeing towards it is not very comforting to me.
It is extremely dangerous for you to tell people "don't worry, that coffee shop network you're using is probably secure." You should never assume that. Always treat browsing the Internet in a public place as if someone is looking over your shoulder at all times. I think you need to have a serious talk with your product people and rethink your entire company's approach to security. The lackadaisical attitude I'm seeing towards it is not very comforting to me.
- We will evaluate the improvement request, it's a valid request.
- This is not an emergency: this is an improvement request to prevent a potential vector if your network is already compromised.
#13
FlyerTalk Evangelist
Join Date: Mar 2004
Location: SGF
Programs: AS, AA, UA, AGR S (former 75K, GLD, 1K, and S+, now an elite peon)
Posts: 23,195
--Posted from a public wifi spot in Panama City, Panama and hoping my account remains secure
#14
Administrator
Join Date: Apr 2008
Location: Los Angeles, CA
Programs: SPG
Posts: 607
Quick update on this request:
HTTPS / SSL is now available on Flyertalk. It is not yet made a default choice for all users, but those that wish to use the secure version may do so by manually requesting the forum via https instead of http.
Global mandatory rollout requires additional time due to obvious use-cases where we need to rebuild several components needed to support SSL.
But again - those that would like to use the SSL version, may do so via manually altering the URL (once) to HTTPS instead of HTTP.
For example: FlyerTalk Website security
Thank you
HTTPS / SSL is now available on Flyertalk. It is not yet made a default choice for all users, but those that wish to use the secure version may do so by manually requesting the forum via https instead of http.
Global mandatory rollout requires additional time due to obvious use-cases where we need to rebuild several components needed to support SSL.
But again - those that would like to use the SSL version, may do so via manually altering the URL (once) to HTTPS instead of HTTP.
For example: FlyerTalk Website security
Thank you
#15
FlyerTalk Evangelist
Join Date: Mar 2004
Location: SGF
Programs: AS, AA, UA, AGR S (former 75K, GLD, 1K, and S+, now an elite peon)
Posts: 23,195
Quick update on this request:
HTTPS / SSL is now available on Flyertalk. It is not yet made a default choice for all users, but those that wish to use the secure version may do so by manually requesting the forum via https instead of http.
Global mandatory rollout requires additional time due to obvious use-cases where we need to rebuild several components needed to support SSL.
But again - those that would like to use the SSL version, may do so via manually altering the URL (once) to HTTPS instead of HTTP.
For example: FlyerTalk Website security
Thank you
HTTPS / SSL is now available on Flyertalk. It is not yet made a default choice for all users, but those that wish to use the secure version may do so by manually requesting the forum via https instead of http.
Global mandatory rollout requires additional time due to obvious use-cases where we need to rebuild several components needed to support SSL.
But again - those that would like to use the SSL version, may do so via manually altering the URL (once) to HTTPS instead of HTTP.
For example: FlyerTalk Website security
Thank you
I look forward to being able to turn it on globally, but for now, when I am in a public place, I will use the secure login page and rest much easier using FT.