Miggo Logo

CVE-2022-31157: LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0

7.5

CVSS Score
3.1

Basic Information

EPSS Score
0.13687%
Published
7/15/2022
Updated
7/24/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
packbackbooks/lti-1-3-php-librarycomposer< 5.05.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from using uniqid() with microtime-based entropy for cryptographic nonce and state generation. The commit de19e8a replaced these with secureRandomString() using random_bytes(64) + SHA-256 hashing. The original implementations in LtiOidcLogin.php's doOidcLoginRedirect method lacked sufficient cryptographic complexity, as uniqid() is not designed for security-sensitive contexts. This matches CWE-330 (Insufficient Randomness) and the advisory's description of predictable values.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t T** *un*tion us** to **n*r*t* r*n*om non**s w*s not su**i*i*ntly *rypto*r*p*i**lly *ompl*x. *s * r*sult v*lu*s m*y ** pr**i*t**l* *n* tok*ns m*y ** *or***l*. ### P*t***s Us*rs s*oul* up*r*** to v*rsion *.* imm**i*t*ly ### Work*roun*s

Reasoning

T** vuln*r**ility st*mm** *rom usin* `uniqi*()` wit* mi*rotim*-**s** *ntropy *or *rypto*r*p*i* non** *n* st*t* **n*r*tion. T** *ommit ******* r*pl**** t**s* wit* `s**ur*R*n*omStrin*()` usin* `r*n*om_*yt*s(**)` + S**-*** **s*in*. T** ori*in*l impl*m*n
CVE-2022-31157: LTI Tool Lib Nonce Auth Bypass | Miggo