Public disclosure of security issue at But.fr

What made us disclose this issue

At quintessence, we are committed to improving the security posture of organizations and protecting users' data.

We strongly believe that BUT may be using unsalted MD5 to hash user passwords, and we considered it crucial to inform the company so they could mitigate the impact of an eventual security breach.

MD5 is a cryptographic hash function that produces a 128-bit hash value, but due to known vulnerabilities, it is no longer considered secure for password storage. Furthermore, not using a salt increases the likelihood of successful brute force or rainbow table attacks, putting user data at significant risk, especially if passwords cannot be longer than 20 characters.

Learn more about the security implications of using MD5 here.

Given the severity of this issue and the lack of response from BUT after our initial outreach, we feel compelled to disclose this information publicly to ensure users are aware of the potential risks and can take appropriate actions to protect themselves.

Timeline

  • 2024-10-28 (0 days in): Initial attempt to contact BUT via customer support (no known public email, expired security.txt). We clearly explained that we had identified a "security issue" and that we needed to speak with someone from the security team.
  • 2024-10-30 (2 days in): BUT acknowledged our message and informed us that they would forward it to the appropriate team.
  • 2024-11-05 (8 days in): We followed up to ask for an update.
  • 2024-11-05 (8 days in): BUT confirmed that they had received our message and that they were working on it.
  • 2024-11-06 (9 days in): BUT automatically sent us a satisfaction survey, but we had not received any response from the security team.
  • 2024-11-12 (15 days in): We sent another follow-up email, asking if they had an IT team able to handle security issues.
  • 2024-11-14 (17 days in): BUT replied that their IT team was dealing with our request.
  • 2024-12-02 (35 days in): No further communication from BUT. We weren't able to send detailed information about the issue due to the lack of a secure channel. The issue remains unresolved, so we responsibly disclosed it publicly on Bluesky and X.
  • 2024-12-03 (36 days in): Responsible disclosure on our website.

Security impact

Using MD5 without salt for password hashing poses a significant security risk. Here are some key implications:

  • Vulnerability to brute force attacks: MD5 is susceptible to brute force attacks because it lacks the computational complexity required to withstand modern attack vectors.
  • Rainbow table attacks: Precomputed rainbow tables can be used to reverse MD5 hashes quickly, making it easy for an attacker to crack passwords.
  • Data breach consequences: In the event of a data breach, compromised passwords could be easily cracked, leading to unauthorized access to users' accounts and potential identity theft if passwords are reused across multiple platforms.

Recommendations for users

Given the security risks associated with BUT's current password hashing practice, we recommend the following steps to all users:

  1. Delete your BUT account: To protect your personal data, consider deleting your account on BUT, especially if it is no longer in use.
  2. Change passwords elsewhere: If you use the same password on other websites or services, change those passwords immediately.
  3. Use unique and strong passwords: Always use unique and strong passwords for different accounts to minimize the risk of a single compromised password affecting multiple services.
  4. Monitor your accounts: Keep an eye on your accounts for any unauthorized activity and report it promptly if detected.

Steps to reproduce

To verify the issue:

  1. Create an account on BUT.
  2. Perform an authenticated GET request on https://www.but.fr/Api/Rest/Customers/:id/FullData
  3. Parse the JSON response and read the value of the key password, which contains the MD5 hash of the password used during the account's creation.

{
    [...]
    "lastname": "test",
    "firstname": "test",
    "email": "[email protected]",
    "password": "d8751809720815aa454dd410eb6f0032",
    [...]
}

$ echo -n 'vcEnJfe3fy>]v^$]hxyz' | md5sum
d8751809720815aa454dd410eb6f0032  -

Recommendations for BUT

To mitigate the security risks associated with weak password hashing, we recommend the following steps for BUT:

  1. Upgrade password hashing algorithm: Replace MD5 with a more secure hashing algorithm such as argon2, and progressively migrate existing passwords to the new algorithm when users log in.
  2. Force password reset: Prompt users to reset their passwords to ensure that all passwords are hashed using the new algorithm.
  3. Increase maximum password length: Allow users to create passwords that are longer than 20 characters to increase the complexity and security of their credentials.
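
The migrate-on-login approach from recommendation 1, as an added example that is not BUT's code or part of the original disclosure. It uses Python's standard-library scrypt as a stand-in for argon2 so it runs without extra packages; the record formats, the in-memory db and all function names are assumptions.

```python
import hashlib
import hmac
import os

# Assumed record formats: "md5$<hex>" (legacy) and "scrypt$<salt hex>$<key hex>".
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)

def legacy_record(password: str) -> str:
    """Build a legacy row the way the old scheme did: unsalted MD5 hex."""
    return "md5$" + hashlib.md5(password.encode()).hexdigest()

def hash_new(password: str) -> str:
    """Hash with a random per-user salt and a memory-hard KDF."""
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return f"scrypt${salt.hex()}${key.hex()}"

def verify(password: str, record: str) -> bool:
    """Check a password against either record format with a constant-time compare."""
    scheme, _, rest = record.partition("$")
    if scheme == "md5":
        return hmac.compare_digest(legacy_record(password), record)
    if scheme == "scrypt":
        salt_hex, _, key_hex = rest.partition("$")
        key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT)
        return hmac.compare_digest(key.hex(), key_hex)
    return False

def login(db: dict, user: str, password: str) -> bool:
    """Authenticate; on success, replace a legacy record with a new-scheme one."""
    record = db.get(user)
    if record is None or not verify(password, record):
        return False
    if record.startswith("md5$"):
        # The plaintext is only available here, so this is the moment to rehash.
        db[user] = hash_new(password)
    return True

if __name__ == "__main__":
    # Constructed sample row and password, not data from the site.
    db = {"alice": legacy_record("constructed-sample-password")}
    print(login(db, "alice", "constructed-sample-password"), db["alice"].split("$")[0])
```

Accounts that never log in keep their MD5 record under this scheme, which is why the forced reset in recommendation 2 is still needed.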