Summary
codebird-php (769⭐) has two distinct TLS certificate validation issues that allow MITM interception of Twitter API credentials in non-cURL mode.
Details
Vulnerability 1: SSL Context Nesting Bug
src/codebird.php — _getNoCurlInitialization():
$httpOptions['ssl'] = [
    'verify_peer'  => true,
    'cafile'       => '...',
    'verify_depth' => 5,
    'peer_name'    => $hostname
];
$options = array_merge_recursive($contextOptions, ['http' => $httpOptions]);
// BUG: this yields $options['http']['ssl']['verify_peer'] = true
// PHP reads TLS options from the top-level key: $options['ssl']['verify_peer'] = true
// Therefore the nested verify_peer (and cafile/peer_name) is NEVER applied
Vulnerability 2: Hardcoded Bypass
src/codebird.php — _fetchRemoteFile():
'ssl' => [
    'verify_peer' => false
]
Credentials Exposed
// OAuth2 token request
$this->_curl_setopt($connection, CURLOPT_USERPWD,
self::$_consumer_key . ':' . self::$_consumer_secret);
Impact
- Twitter consumer_key + consumer_secret sent as Basic Auth over unverified TLS
- OAuth tokens and Bearer tokens transmitted over unverified TLS
- MITM attacker can capture all Twitter API credentials
Remediation
Fix SSL context nesting:
$options = array_merge_recursive($contextOptions, [
    'http' => $httpOptions,
    'ssl'  => $httpOptions['ssl'],
]);
Remove verify_peer => false from _fetchRemoteFile().
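To see the nesting bug and the fix side by side, the following PHP script (an added example, not codebird-php's own code) builds both contexts and checks what PHP actually sees under the top-level 'ssl' wrapper key; the hostname, cafile path and function names are assumed for illustration.

```php
<?php
// Added example, not codebird-php's own code: builds the misnested context from
// Vulnerability 1 next to the remediated one and checks what PHP will actually
// apply at the top-level 'ssl' wrapper key. Hostname and cafile path are assumed.

function sslOptions(string $hostname): array
{
    return [
        'verify_peer'  => true,
        'cafile'       => __DIR__ . '/cacert.pem', // assumed path
        'verify_depth' => 5,
        'peer_name'    => $hostname,
    ];
}

// Mirrors the vulnerable pattern: 'ssl' is placed inside the 'http' wrapper options.
function buildBuggyContext(array $contextOptions, string $hostname): array
{
    $httpOptions = ['method' => 'GET', 'ssl' => sslOptions($hostname)];
    return array_merge_recursive($contextOptions, ['http' => $httpOptions]);
}

// Mirrors the remediation: 'ssl' is lifted to the top level where PHP reads it.
function buildFixedContext(array $contextOptions, string $hostname): array
{
    $httpOptions = ['method' => 'GET', 'ssl' => sslOptions($hostname)];
    return array_merge_recursive($contextOptions, [
        'http' => $httpOptions,
        'ssl'  => $httpOptions['ssl'],
    ]);
}

// A context passes only if PHP's ssl wrapper sees verify_peer=true and a peer_name.
function contextVerifiesPeer($context): bool
{
    $options = stream_context_get_options($context);
    $ssl = $options['ssl'] ?? [];
    return ($ssl['verify_peer'] ?? false) === true && !empty($ssl['peer_name']);
}

$host  = 'api.twitter.com';
$buggy = stream_context_create(buildBuggyContext([], $host));
$fixed = stream_context_create(buildFixedContext([], $host));

printf("buggy context verifies peer: %s\n", contextVerifiesPeer($buggy) ? 'yes' : 'no');
printf("fixed context verifies peer: %s\n", contextVerifiesPeer($fixed) ? 'yes' : 'no');
```

The same contextVerifiesPeer() check can be dropped into a unit test to catch a regression of either issue before a release.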
Severity
CVSS 3.1: 8.1 (HIGH) — AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-295: Improper Certificate Validation