Fix weak random seed

tylerjl committed Apr 4, 2014
1 parent 929e6e5 commit 6e5cd6c62e45dfcb77745bf8087112ad264b8024
Showing with 2 additions and 2 deletions.
+2 −2 scoreserver.rb
@@ -1,7 +1,7 @@
require 'rubygems'
require 'sinatra'
require 'digest/sha1'
require 'securerandom'


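Review bot: dropping `require 'digest/sha1'` needs a check that nothing else in scoreserver.rb still references `Digest::SHA1`; the generated config in the next hunk still carries `ADMIN_PASS_SHA1`, which suggests the server compares a SHA-1 hash of the admin password somewhere. If it does, that code would raise NameError once this require is gone unless another gem happens to load the digest library first. Either keep `require 'digest/sha1'` alongside `require 'securerandom'` or confirm there are no remaining callers.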
@@ -11,7 +11,7 @@
# create default config.rb
open('./config.rb', "w+") {|f|
f.puts <<-"EOS"
COOKIE_SECRET = "#{Digest::SHA1.hexdigest(}"
COOKIE_SECRET = "#{SecureRandom.hex(20)}"
ADMIN_PASS_SHA1 = "08a567fa1a826eeb981c6762a40576f14d724849" #ctfadmin
STYLE_SHEET = "/style.css"
HTML_TITLE = "scoreserver.rb CTF"
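Review bot: `SecureRandom.hex(20)` is the right replacement (160 bits from the OS CSPRNG rather than a hash of a predictable input), but the secret is still written by `open('./config.rb', "w+")` with the process's default umask, so the generated config.rb may end up readable by other local users. Consider `File.open('./config.rb', 'w+', 0600)` so the session secret stays private to the account running the server. Separately, the default `ADMIN_PASS_SHA1` is a fixed hash of a password that is spelled out in the trailing comment (`#ctfadmin`), so a freshly generated config still ships a known admin credential; requiring the operator to set it, or generating it the same way as the cookie secret and printing it once at first run, would close that gap.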

1 comment on commit 6e5cd6c

@jjarmoc jjarmoc commented on 6e5cd6c Apr 6, 2014

FYI - The vuln here probably leads to RCE as well. I commented on the reddit thread about your blogpost, but with no blog comments I thought you might be interested to see it, so figured I'd just comment here.
