Listen to this Post
The vulnerability stems from Cloudreve’s use of the `math/rand` package, a weak pseudo‑random number generator (PRNG), seeded with `time.Now().UnixNano()` during the application’s initial deployment. This seed is derived from the system’s nanosecond timestamp at startup, which an attacker can approximate. Two critical secrets are generated this way: `secret_key` (used for JWT signing) and `hash_id_salt` (used for user ID hashing). Both are persisted in the database.
The attack begins by retrieving the administrator’s account creation time through public API endpoints (e.g., user profile lookups). This timestamp provides a narrow window for the PRNG seed. Because math/rand’s internal state is only 2⁶³ possibilities and the seed is time‑bound, an attacker can brute‑force the seed value on a consumer PC in under three hours. A known hashid from the application is used to validate a candidate seed.
Once the seed is recovered, the attacker regenerates the exact secret_key. With this key, they can forge valid JSON Web Tokens (JWTs) for any user, including administrators. The result is full account takeover and privilege escalation without any further interaction.
Notably, servers running version 4.10.0 or later remain vulnerable if they were originally installed using an older version, because the weak secrets persist in the configuration. The patch in version 4.13.0 automatically invalidates the old `secret_key` and replaces it with a cryptographically secure one generated via crypto/rand.
dailycve form:
Platform: Cloudreve
Version: Prior 4.10.0
Vulnerability: Weak PRNG secrets
Severity: Critical
date: March 31 2026
Prediction: Upgrade to 4.13.0
What Undercode Say:
Check if your Cloudreve was initialized with weak secrets Look for secret_key length; if it's 32 chars of alphanumeric, it's likely weak docker exec cloudreve_db mysql -e "SELECT FROM cloudreve.options WHERE key='secret_key'" Generate a cryptographically secure replacement secret openssl rand -base64 64 Rotate secrets manually (stop service, update DB, restart) systemctl stop cloudreve mysql -e "UPDATE cloudreve.options SET value='<new-secret>' WHERE key='secret_key'" systemctl start cloudreve
Exploit:
- Enumerate admin account creation time via `/api/user/:id` or similar.
- Brute‑force `time.Now().UnixNano()` seed within ±1 hour of that timestamp.
- Use `math/rand` with each candidate seed to regenerate
secret_key. - Validate seed by comparing regenerated `hash_id_salt` against known hashid.
- Forge JWT with arbitrary user claims and sign using recovered key.
Protection from this CVE
- Upgrade immediately to Cloudreve 4.13.0 (patch automatically migrates secrets).
- If upgrade is delayed, manually rotate `secret_key` and `hash_id_salt` using a cryptographically secure generator.
- After rotation, force all users to re‑authenticate (existing sessions become invalid).
Impact
Full account takeover of any user, including administrators; complete compromise of file storage, user data, and system configuration.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

