CVE-2025-62710: Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

The security advisory GHSA-gr7h-xw4f-wh86 describes a vulnerability where a predictable pseudo-random number generator (PRNG) is used for generating a critical server-side encryption key. The analysis of the provided patch commit, bde070104b1de01f4a6458dca6d9e0880a0e3c04, confirms this.

The root cause is the use of org.apache.commons.lang3.RandomStringUtils without providing a cryptographically secure random number generator. By default, this utility uses java.util.Random, which is not suitable for security-sensitive applications as its output can be predicted if an attacker has some knowledge of the seed (e.g., the application's start time).

The investigation of the patch revealed two key locations where this insecure method was used:

1. org.sakaiproject.util.impl.EncryptionUtilityServiceImpl.init(): This is the primary vulnerable function identified in the advisory. It generates the serverSecretKey used for encryption services across the application. The patch replaces the insecure call with one that explicitly uses java.security.SecureRandom, a cryptographically strong PRNG.

2. org.sakaiproject.component.app.scheduler.jobs.cm.processor.sis.UserProcessor.generatePassword(): A similar insecure pattern was found and fixed in this method, which is responsible for generating user passwords. The use of a predictable PRNG here would result in weak, guessable passwords.

Both functions would appear in a runtime profile during the exploitation or triggering of this vulnerability. The init function would be called during application startup, and generatePassword would be called during user processing tasks. An attacker could target the output of either function (encrypted data or user passwords) to exploit this weakness.