Fix weak random seed
tylerjl committed Apr 4, 2014
1 parent 929e6e5 commit 6e5cd6c
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions scoreserver.rb
@@ -1,7 +1,7 @@
require 'rubygems'
require 'sinatra'
require 'digest/sha1'
require 'securerandom'


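Review bot: in the require block at the top of scoreserver.rb, confirm that nothing else in the file still calls Digest::SHA1 before swapping `require 'digest/sha1'` for `require 'securerandom'`. The rendered page has lost its +/- markers, but the `@@ -1,7 +1,7 @@` header says one line went out and one came in, and the config template in the next hunk still defines `ADMIN_PASS_SHA1`, which suggests the admin login compares a SHA1 digest somewhere. If it does, keep both requires rather than relying on another library to load digest/sha1 transitively.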
Expand All @@ -11,7 +11,7 @@
# create default config.rb
open('./config.rb', "w+") {|f|
f.puts <<-"EOS"
COOKIE_SECRET = "#{Digest::SHA1.hexdigest(}"
COOKIE_SECRET = "#{SecureRandom.hex(20)}"
ADMIN_PASS_SHA1 = "08a567fa1a826eeb981c6762a40576f14d724849" #ctfadmin
STYLE_SHEET = "/style.css"
HTML_TITLE = "scoreserver.rb CTF"
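Review bot: the `COOKIE_SECRET = "#{SecureRandom.hex(20)}"` line only runs inside the block that writes the default config.rb, so a deployment that already has a config.rb keeps the secret generated from the old weak seed. The commit message or README should tell operators to replace COOKIE_SECRET (or delete config.rb and let it regenerate) after upgrading, and to expect existing sessions to be invalidated when they do. Separately, the same template ships `ADMIN_PASS_SHA1` as an unsalted SHA1 of the password named in its trailing comment (`#ctfadmin`); consider generating a random admin password at this point as well, or refusing to start while the default hash is still in place.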

1 comment on commit 6e5cd6c

@jjarmoc jjarmoc commented on 6e5cd6c Apr 6, 2014

FYI - The vuln here probably leads to RCE as well. I commented on the reddit thread about your blogpost, but with no blog comments I thought you might be interested to see it, so figured I'd just comment here.
