CVE-2024-48928 Overview
CVE-2024-48928 is an Insecure Random Number Generation vulnerability affecting Piwigo, an open source photo gallery application for the web. During installation on the 14.x branch, the secret_key configuration parameter is set using MD5(RAND()) in MySQL. However, MySQL's RAND() function only provides approximately 30 bits of randomness, making it computationally feasible to brute-force the secret key within approximately one hour.
The vulnerability allows attackers to derive the secret key by leveraging the CSRF token construction, which partially incorporates this key. Once the secret key is compromised, attackers may be able to generate values for get_ephemeral_key, potentially enabling cross-site request forgery attacks and other security bypasses.
Critical Impact
Weak cryptographic key generation enables brute-force attacks against the application's secret key, potentially compromising CSRF protections and ephemeral key generation.
Affected Products
- Piwigo versions on the 14.x branch
- Piwigo installations prior to version 15.0.0
- Self-hosted Piwigo photo gallery deployments using MySQL
Discovery Timeline
- 2026-02-24 - CVE CVE-2024-48928 published to NVD
- 2026-02-25 - Last updated in NVD database
Technical Details for CVE-2024-48928
Vulnerability Analysis
This vulnerability stems from the use of MySQL's RAND() function for generating cryptographic secret keys. The RAND() function is designed for generating pseudo-random numbers for general purposes, not for cryptographic key generation. With only approximately 30 bits of entropy (roughly 1 billion possible values), an attacker can systematically enumerate all possible secret key values.
The attack is made practical because the CSRF token construction incorporates portions of the secret key. By observing CSRF tokens and testing candidate secret keys against them, an attacker can verify when a brute-force attempt has succeeded. The entire keyspace can be exhausted in approximately one hour on modern hardware.
While the overall impact is limited due to additional security layers—the auto login key incorporates the user's password, and the pwg_token uses the session identifier alongside the secret key—successful exploitation could allow generation of ephemeral keys and potential CSRF attacks against authenticated users.
Root Cause
The root cause is the use of an insufficient entropy source (RAND() in MySQL) for generating security-critical cryptographic material. The vulnerable code in install.php uses MD5(RAND()) to generate the secret_key, combining a weak random number generator with MD5 hashing. Since RAND() only provides 30 bits of randomness, the MD5 hash does not increase the effective entropy—it merely obfuscates the underlying weakness.
CWE-330 (Use of Insufficiently Random Values) directly applies to this vulnerability, as the random values used for security purposes do not provide adequate unpredictability.
Attack Vector
The attack requires network access to a Piwigo installation and proceeds as follows:
- Attacker obtains a valid CSRF token from the target Piwigo instance
- Attacker generates all possible MD5(RAND()) values (approximately 2^30 combinations)
- For each candidate, attacker checks if it could produce the observed CSRF token
- Upon finding a match, attacker possesses the secret key
- Attacker can then forge ephemeral keys or potentially craft CSRF attacks
The fix in version 15.0.0 replaces the weak key generation with cryptographically secure random bytes:
// Vulnerable code (before patch)
INSERT INTO config (param,value,comment)
VALUES ('secret_key',md5(RAND()),
'a secret key specific to the gallery for internal use');
// Patched code (after fix)
INSERT INTO config (param,value,comment)
VALUES ('secret_key',''.sha1(random_bytes(1000)).''),
'a secret key specific to the gallery for internal use');
Source: GitHub Commit 552499e
The patch also includes an upgrade script for existing installations:
// install/db/174-database.php - Upgrade script for existing installations
if (!defined('PHPWG_ROOT_PATH'))
{
die('Hacking attempt!');
}
$upgrade_description = 'increase security on secret_key';
conf_update_param('secret_key', sha1(random_bytes(1000)), true);
echo "\n".$upgrade_description."\n";
Source: GitHub Commit 552499e
Detection Methods for CVE-2024-48928
Indicators of Compromise
- Review the secret_key value in the Piwigo configuration table for MD5-length strings (32 hexadecimal characters) that may indicate weak key generation
- Monitor for unusual patterns of CSRF token requests from single IP addresses
- Check web server logs for systematic enumeration patterns against authentication endpoints
- Look for unexplained session anomalies or unauthorized configuration changes
Detection Strategies
- Audit Piwigo installation to verify version is 15.0.0 or later
- Query the database to examine the secret_key entropy by checking its generation method
- Implement rate limiting on endpoints that expose CSRF tokens
- Deploy web application firewall rules to detect high-frequency token probing
Monitoring Recommendations
- Enable detailed logging for authentication and CSRF-related functions
- Set up alerts for unusual volumes of requests to Piwigo login and form submission endpoints
- Monitor for automated scanning patterns targeting the Piwigo installation
- Review access logs periodically for signs of brute-force enumeration activity
How to Mitigate CVE-2024-48928
Immediate Actions Required
- Upgrade to Piwigo version 15.0.0 or later immediately
- For installations that cannot be upgraded immediately, manually regenerate the secret_key using cryptographically secure random bytes
- Review recent authentication logs for signs of exploitation
- Consider temporarily restricting access to the Piwigo installation until patched
Patch Information
The vulnerability is addressed in Piwigo version 15.0.0. The fix replaces the weak MD5(RAND()) key generation with sha1(random_bytes(1000)), providing cryptographically secure randomness. The patch includes both the installation fix and an upgrade script (install/db/174-database.php) that automatically regenerates the secret key for existing installations.
Detailed patch information is available in the GitHub Security Advisory GHSA-hghg-37rg-7r42 and the commit 552499e.
Workarounds
- Manually update the secret_key in the database using PHP's random_bytes() function
- Implement additional network-layer protections such as IP allowlisting for administrative access
- Deploy a web application firewall to detect and block brute-force enumeration attempts
- Consider placing Piwigo behind authentication at the reverse proxy level until patched
# Manual secret key regeneration via MySQL (temporary workaround)
# Generate a secure key using PHP and update the database
php -r "echo sha1(random_bytes(1000));"
# Then update the config table:
# UPDATE piwigo_config SET value='<generated_key>' WHERE param='secret_key';
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
