folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeated (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00.
A critical vulnerability in the Facebook Folly library and HHVM (HipHop Virtual Machine) allows for predictable random number generation across forked processes. This can lead to security breaches in applications relying on secure random numbers for critical operations like cryptographic keys, session IDs, and authentication tokens, potentially enabling unauthorized access and data compromise.
Step 1: Process Forking: A parent process, utilizing the vulnerable folly::secureRandom function, calls fork() to create child processes.
Step 2: Buffer Inheritance: The child processes inherit the pre-allocated buffer used by folly::secureRandom from the parent process.
Step 3: Random Number Generation: Both parent and child processes, without proper re-seeding, begin generating random numbers from the same inherited buffer contents.
Step 4: Predictable Output: Because the buffer contents are identical and are never re-seeded, child processes generate predictable or identical random numbers, leading to a loss of entropy.
Step 5: Exploitation: An attacker can leverage the predictable random numbers to guess or brute-force cryptographic keys, session IDs, or other security-sensitive data generated by the vulnerable processes.
The vulnerability stems from the folly::secureRandom function's implementation, which reuses a pre-allocated buffer for random number generation across parent and child processes after a fork() call. The inherited buffer is not re-seeded in the child process, so multiple child processes spawned by the same parent generate predictable or identical random numbers, compromising the security of any application relying on that randomness. The root cause is a lack of proper initialization of the random number generator (RNG) state in the forked child processes. This is not a buffer overflow or memory corruption issue, but a state management problem within the RNG's context.
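The behaviour in Steps 1 to 4 and the root-cause paragraph, reduced to a minimal C++ model. This is an added example, not folly's code or its fix: `BufferedRng`, `forkSafe` and `forkCollides` are hypothetical names, and the pid comparison is an assumed mitigation chosen for illustration.

```cpp
// Added illustration: a simplified buffered RNG, not folly's implementation.
#include <sys/wait.h>
#include <unistd.h>
#include <cstdint>
#include <cstdio>
#include <cstring>
struct BufferedRng {               // hypothetical stand-in type
  unsigned char buf[64];
  size_t pos = sizeof(buf);        // "empty": first call triggers a refill
  pid_t owner = -1;                // pid that last filled the buffer
  bool forkSafe;
  explicit BufferedRng(bool safe) : forkSafe(safe) {}
  void refill() {                  // pull fresh bytes from the kernel
    FILE* f = std::fopen("/dev/urandom", "rb");
    if (!f || std::fread(buf, 1, sizeof(buf), f) != sizeof(buf)) _exit(2);
    std::fclose(f);
    pos = 0;
    owner = getpid();
  }
  uint64_t next() {
    // Mitigation: a changed pid means we are a forked child, so drop the buffer.
    if (forkSafe && owner != getpid()) pos = sizeof(buf);
    if (pos + sizeof(uint64_t) > sizeof(buf)) refill();
    uint64_t v;
    std::memcpy(&v, buf + pos, sizeof(v));
    pos += sizeof(v);
    return v;
  }
};

// Fills the buffer, forks, and reports whether parent and child drew the same value.
bool forkCollides(bool forkSafe) {
  BufferedRng rng(forkSafe);
  rng.next();                      // buffer is populated before fork()
  int fds[2];
  pid_t pid = (pipe(fds) == 0) ? fork() : -1;
  if (pid < 0) _exit(2);
  if (pid == 0) {                  // child: draw once, report through the pipe
    uint64_t v = rng.next();
    _exit(write(fds[1], &v, sizeof(v)) == (ssize_t)sizeof(v) ? 0 : 1);
  }
  close(fds[1]);                   // parent keeps only the read end
  uint64_t parentVal = rng.next(), childVal = 0;
  bool ok = read(fds[0], &childVal, sizeof(childVal)) == (ssize_t)sizeof(childVal);
  waitpid(pid, nullptr, 0);
  close(fds[0]);
  return ok && parentVal == childVal;
}

int main() {  // prints "1 0": unsafe buffer collides, fork-aware one does not
  return std::printf("%d %d\n", forkCollides(false), forkCollides(true)) < 0;
}
```

A pid comparison is only one way to detect a fork; registering a child handler with `pthread_atfork` that invalidates the buffer is another.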