CVE-2025-68402 in FreshRSS
Summary
by MITRE • 03/09/2026
FreshRSS is a free, self-hostable RSS aggregator. From 57e1a37 - 00f2f04, the lengths of the nonce was changed from 40 chars to 64. password_verify() is currently being called with a constructed string (SHA-256 nonce + part of a bcrypt hash) instead of the raw user password. Due to bcrypt’s 72-byte input truncation, this causes password verification to succeed even when the user enters an incorrect password. This vulnerability is fixed in 1.27.2-dev (476e57b). The issue was only present in the edge branch and never in a stable release.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 03/12/2026
FreshRSS represents a significant security vulnerability through the improper implementation of password verification mechanisms within its authentication system. The vulnerability stems from a specific code change between commit hashes 57e1a37 and 00f2f04 where nonce length was increased from 40 to 64 characters. This modification introduced a critical flaw in the password verification process where the password_verify() function began processing a constructed string composed of SHA-256 nonce concatenated with part of a bcrypt hash rather than utilizing the actual user password for verification. The technical implementation flaw directly violates standard authentication security practices and creates a fundamental weakness in the system's ability to properly validate user credentials.
The operational impact of this vulnerability extends beyond simple authentication bypasses to create a serious security risk for all affected systems. The core technical issue arises from bcrypt's inherent 72-byte input truncation behavior, which when combined with the constructed verification string creates a scenario where incorrect passwords can successfully pass validation. This occurs because the verification process operates on a string that exceeds the 72-byte limit imposed by bcrypt, causing the algorithm to truncate the input in a manner that inadvertently validates incorrect credentials. The vulnerability represents a classic case of improper input handling and demonstrates how seemingly innocuous code modifications can create catastrophic security implications. The flaw specifically affects the edge branch releases and was never present in stable release versions, indicating that the development team recognized the severity of the issue and addressed it in their development cycle.
The security implications of this vulnerability align with CWE-287 which addresses improper authentication and CWE-310 which covers cryptographic issues in authentication systems. From an adversarial perspective, this vulnerability maps directly to ATT&CK technique T1110.003 which covers credential guessing and password spraying attacks. Attackers could exploit this weakness to gain unauthorized access to FreshRSS installations by simply entering any password that would produce a valid bcrypt hash when combined with the nonce, effectively bypassing authentication entirely. The vulnerability demonstrates how the principle of least privilege and proper cryptographic implementation can be violated through seemingly minor code changes, creating an attack surface that was never intended to exist.
Mitigation strategies should focus on immediate implementation of the patched version 1.27.2-dev which contains the fix at commit 476e57b. Organizations currently running vulnerable edge branch versions must upgrade immediately to prevent exploitation. The fix addresses the core issue by restoring proper password verification mechanisms that utilize the raw user password rather than the constructed verification string. Additionally, system administrators should conduct comprehensive security audits of all FreshRSS installations to ensure no other modifications have introduced similar vulnerabilities. The incident highlights the importance of thorough code review processes, particularly when dealing with authentication and cryptographic functions, and demonstrates why automated testing and security validation should be integral parts of all software development lifecycle processes. Regular security assessments and proper version control practices are essential to prevent similar issues from arising in the future.