From 3d9798da1f9d130abffad3cb429ac3be677791c5 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 28 Sep 2015 02:57:58 -0400
Subject: [PATCH] Make brute force attacks harder by re-generating security token on every failed login (#1490549)

---
 program/lib/Roundcube/rcube.php |   13 ++++++-------
 CHANGELOG                       |    1 +
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index c6c8b36..85f0bca 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,7 @@
 ===========================
 
 - Fix so Installer requires PHP5
+- Make brute force attacks harder by re-generating security token on every failed login (#1490549)
 
 RELEASE 1.1.3
 -------------
diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php
index 57fde4c..2335761 100644
--- a/program/lib/Roundcube/rcube.php
+++ b/program/lib/Roundcube/rcube.php
@@ -1027,15 +1027,14 @@
      */
     public function get_request_token()
     {
-        $sess_id = $_COOKIE[ini_get('session.name')];
-        if (!$sess_id) {
-            $sess_id = session_id();
+        if (empty($_SESSION['request_token'])) {
+            $plugin = $this->plugins->exec_hook('request_token', array(
+                'value' => rcube_utils::random_bytes(32)));
+
+            $_SESSION['request_token'] = $plugin['value'];
         }
 
-        $plugin = $this->plugins->exec_hook('request_token', array(
-            'value' => md5('RT' . $this->get_user_id() . $this->config->get('des_key') . $sess_id)));
-
-        return $plugin['value'];
+        return $_SESSION['request_token'];
     }
 
 

--
Gitblit v1.9.1