fixed vulnerability

pandora_console/extras/mr/58.sql

@@ -0,0 +1,5 @@
+START TRANSACTION;
+
+ALTER TABLE `tusuario` ADD COLUMN `auth_token_secret` VARCHAR(45) DEFAULT NULL;
+
+COMMIT;

pandora_console/include/lib/User.php

@@ -188,6 +188,14 @@ class User implements PublicLogin
             $config['public_access'] = false;
         }
 
+        if (empty($other_secret) === true) {
+            $auth_token_secret = db_get_value('auth_token_secret', 'tusuario', 'id_user', $config['id_user']);
+
+            if (empty($auth_token_secret) === false) {
+                $other_secret = $auth_token_secret;
+            }
+        }
+
         // Build a hash to check.
         $hashCheck = self::generatePublicHash($other_secret);
         if ($hashCheck === $hash) {

pandora_console/include/rest-api/index.php

@@ -66,7 +66,19 @@ if ($doLogin === true) {
         ]
     ) === true
     ) {
-        echo json_encode(['auth_hash' => User::generatePublicHash()]);
+        $newGeneratedSecret = bin2hex(openssl_random_pseudo_bytes(15));
+
+        $res_update = update_user(
+            $id_user,
+            ['auth_token_secret' => $newGeneratedSecret]
+        );
+
+        if ($res_update === false) {
+            http_response_code(404);
+            return;
+        }
+
+        echo json_encode(['auth_hash' => User::generatePublicHash($newGeneratedSecret)]);
     } else {
         db_pandora_audit(
             AUDIT_LOG_ACL_VIOLATION,

pandora_console/pandoradb.sql

@@ -1308,6 +1308,7 @@ CREATE TABLE IF NOT EXISTS `tusuario` (
   `integria_user_level_pass` VARCHAR(45),
   `allowed_ip_active` TINYINT UNSIGNED DEFAULT 0,
   `allowed_ip_list` TEXT,
+  `auth_token_secret` VARCHAR(45) DEFAULT NULL,
   CONSTRAINT `fk_filter_id` FOREIGN KEY (`id_filter`) REFERENCES tevent_filter (`id_filter`) ON DELETE SET NULL,
   UNIQUE KEY `id_user` (`id_user`)
 ) ENGINE=InnoDB DEFAULT CHARSET=UTF8MB4;