GHSA-gr7h-xw4f-wh86: Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

CVSS Score: 2.6 (CVSS 3.1)

Basic Information

CVE ID: -
EPSS Score: -
Published: 10/22/2025
Updated: 10/22/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| org.sakaiproject.kernel:sakai-kernel-impl | maven | <= 23.3 | |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability, identified as GHSA-gr7h-xw4f-wh86, stems from the use of a predictable Pseudo-Random Number Generator (PRNG) for security-sensitive operations. The analysis of the provided patch commit bde070104b1de01f4a6458dca6d9e0880a0e3c04 confirms this.

The root cause is the usage of org.apache.commons.lang3.RandomStringUtils without providing a cryptographically secure random number generator. By default, this utility uses java.util.Random, which is not suitable for cryptographic purposes as its output can be predicted if an attacker can gather some initial state information.

Two primary vulnerable functions were identified from the patch:

  1. org.sakaiproject.util.impl.EncryptionUtilityServiceImpl.init(): This function is responsible for initializing a server-wide secret key (serverSecretKey) used for encrypting data at rest. The patch explicitly replaces the default RandomStringUtils.random call with one that uses java.security.SecureRandom, a cryptographically strong PRNG. This indicates that the original implementation was vulnerable to key prediction.

  2. org.sakaiproject.component.app.scheduler.jobs.cm.processor.sis.UserProcessor.generatePassword(): This function generates passwords for users, likely during an automated user provisioning process from a Student Information System (SIS). Like the first function, it called RandomStringUtils without a cryptographically secure random source. The patch corrects this by incorporating SecureRandom, mitigating the risk of generating predictable passwords.

An attacker exploiting this vulnerability could potentially decrypt sensitive data or gain unauthorized access to user accounts by predicting the generated keys or passwords. The fix applied in the patch correctly addresses the root cause by replacing the weak PRNG with a secure one for all identified instances.
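
Added example, not code from Sakai or from the patch: a JDK-only sketch of why the random source passed to a string generator decides whether the resulting secret is predictable. The helper `randomAlphanumeric`, the 32-character length and the seed value are assumptions made for this demonstration; the helper stands in for a random-string utility that accepts a `java.util.Random` argument.

```java
import java.security.SecureRandom;
import java.util.Random;

public class PrngKeyDemo {
    private static final char[] ALPHANUM =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".toCharArray();

    // Hypothetical helper: builds a string from whatever Random source it is given,
    // so the same code path can be run with a weak and a strong generator.
    static String randomAlphanumeric(int length, Random source) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALPHANUM[source.nextInt(ALPHANUM.length)]);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed seed value, for illustration only.
        long seed = 123456789L;

        // Weak: java.util.Random is a linear congruential generator whose entire
        // state is a 48-bit seed. Two instances with the same seed emit the same
        // "secret", so the secret is only as unpredictable as the seed.
        String weakA = randomAlphanumeric(32, new Random(seed));
        String weakB = randomAlphanumeric(32, new Random(seed));
        System.out.println("java.util.Random, same seed, identical output: "
            + weakA.equals(weakB));

        // Hardened: SecureRandom extends Random, so it drops into the same
        // parameter, but it draws from the platform CSPRNG and its output
        // cannot be reproduced from a guessable seed.
        SecureRandom secure = new SecureRandom();
        String strongA = randomAlphanumeric(32, secure);
        String strongB = randomAlphanumeric(32, secure);
        System.out.println("SecureRandom, successive outputs differ: "
            + !strongA.equals(strongB));
    }
}
```

When auditing a code base for the same pattern, look for random-string or token generation that either takes no `Random` argument or is handed a `java.util.Random` where the result is used as a key, password or token.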

Vulnerable functions

org.sakaiproject.util.impl.EncryptionUtilityServiceImpl.init
kernel/kernel-impl/src/main/java/org/sakaiproject/util/impl/EncryptionUtilityServiceImpl.java
The `init` method in `EncryptionUtilityServiceImpl` used `RandomStringUtils.random` which defaults to the non-cryptographic `java.util.Random` to generate the `serverSecretKey`. This key is used as the password for an `AES256TextEncryptor`. An attacker who can obtain ciphertexts and approximate the PRNG seed can potentially reconstruct the key and decrypt data.

org.sakaiproject.component.app.scheduler.jobs.cm.processor.sis.UserProcessor.generatePassword
jobscheduler/scheduler-component-shared/src/java/org/sakaiproject/component/app/scheduler/jobs/cm/processor/sis/UserProcessor.java
The `generatePassword` method in `UserProcessor` used `RandomStringUtils.randomAlphanumeric` which defaults to the non-cryptographic `java.util.Random`. This could lead to predictable passwords being generated for users created through the SIS (Student Information System) integration.
