Seen this? https://github.com/altf4/untwister
http://www.irongeek.com/i.php?page=videos/bsideslasvegas2014/bg04-untwisting-the-mersenne-twister-how-i-killed-the-prng-moloch

-Paul

On Tue, Feb 10, 2015 at 4:50 PM, Scott Arciszewski <sc...@arciszewski.me> wrote:
> Ticket opened: 2014-06-25
> Affected Versions: ALL
> Problem: No CSPRNG
> Patch available, collecting dust because of negligent (and questionably
> competent) WP maintainers
>
> On June 25, 2014 I opened a ticket on WordPress's issue tracker to expose a
> cryptographically secure pseudorandom number generator, since none was
> present (although it looks like others have tried to hack together a
> band-aid solution to mitigate php_mt_seed until WordPress gets their "let's
> support PHP < 5.3" heads out of their asses).
>
> For the past 8 months, I have tried repeatedly to raise awareness of this
> bug, even going as far as to attend WordCamp Orlando to troll^H advocate
> for its examination in person. And they blew me off every time.
>
> If anyone with RNG breaking experience (cough solar designer cough) can PoC
> it, without the patch I've provided you should be able to trivially predict
> the password reset token for admin users and take over any WordPress site
> completely.
>
> Eight fucking months.
>
> Patch available with unit tests and PHP 5.2 on Windows support at
> https://core.trac.wordpress.org/attachment/ticket/28633/28633.3.patch
>
> Scott
> https://scott.arciszewski.me
> @voodooKobra
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/