
Python: Flask & Django Constant Secret Key initialization #766

Closed
1 of 2 tasks
am0o0 opened this issue Jun 29, 2023 · 4 comments
Labels
All For One Submissions to the All for One, One for All bounty

Comments


am0o0 commented Jun 29, 2023

Query PR

github/codeql#13561

Language

Python

CVE(s) ID list

CWE

CWE-287: Improper Authentication

Report

  1. Flask and Django require a secure key for signing the session cookies. Most of the time, developers rely on loading hardcoded secret keys from a config file or Python code. This proves that hardcoding the secret can cause problems when you forget to change the constant secret keys.
  2. I used taint tracking from constants, or from nodes that provide a constant default, to the initialization of the Flask and Django SECRET_KEY value/field.
  3. I added some sanitizers to reduce the FP rate as much as possible.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

  • Yes
  • No

Blog post link

Definitely, I will publish a blog post soon!

@am0o0 am0o0 added the All For One Submissions to the All for One, One for All bounty label Jun 29, 2023
@ghsecuritylab (Collaborator)

Your submission is now in status Query review.

For information, the evaluation workflow is the following:
Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

@ghsecuritylab (Collaborator)

Your submission is now in status Final decision.


@xcorail (Contributor)

xcorail commented Aug 25, 2023

Created Hackerone report 2123678 for bounty 508102 : [766] Python: Flask & Django Constant Secret Key initialization

@xcorail xcorail closed this as completed Aug 25, 2023
@ghsecuritylab (Collaborator)

Your submission is now in status Closed.

