Weak PRNG (Math.random) for PKCE code verifiers in ioBroker.vw-connect #7306
Open
Description
Summary
The iobroker.vw-connect npm package (1,258 downloads/month, 118 stars, supports VW/Audi/Skoda/Seat/Cupra/Porsche) uses Math.random() to generate PKCE code verifiers and SHA256(Date.now()) for OAuth nonces. Neither is cryptographically secure.
Finding 1: Math.random() for PKCE (CWE-330, Medium)
main.js line 5727 (getCodeChallenge) and line 5737 (getCodeChallengev2):
// BEFORE (vulnerable):
for (let i = 64; i > 0; --i) result += chars[Math.floor(Math.random() * chars.length)];
Math.random() is not cryptographically secure. An attacker who can observe or predict the PRNG state can forge PKCE challenges, bypassing authorization code protection for 15 VW Group brands.
Finding 2: Deterministic Nonce (CWE-330, Medium)
main.js line 5745 (getNonce):
const timestamp = Date.now();
let hash = crypto.createHash("sha256").update(timestamp.toString()).digest("base64");
The nonce is SHA256 of the current timestamp — deterministic if the attacker knows approximately when the request was made.
Finding 3: Auth Code + PKCE Verifier Logged (CWE-532, Medium)
main.js line ~1127 logs the full token request body including authorization code and code_verifier at debug level. This defeats PKCE protection if logs are accessible.
Fix PR
https://github.com/TA2k/ioBroker.vw-connect/pull/413
Affected code
PKCE: https://github.com/TA2k/ioBroker.vw-connect/blob/master/main.js#L5727
Nonce: https://github.com/TA2k/ioBroker.vw-connect/blob/master/main.js#L5745
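The three findings above addressed with Node's CSPRNG, as an added example that is not taken from the issue, the fix PR or the project's code. The function names, the `SENSITIVE` key list and the assumption that the token request body is a form-encoded string are all hypothetical.

```javascript
// Added example, not the project's code: CSPRNG-backed PKCE and nonce helpers.
const crypto = require("crypto");

// Base64url without padding, the encoding RFC 7636 uses for the S256 challenge.
function base64url(buf) {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Finding 1: 48 bytes from the OS CSPRNG encode to exactly 64 base64url
// characters, the same verifier length as the Math.random() loop quoted above.
function newCodeVerifier() {
  return base64url(crypto.randomBytes(48));
}

// code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function codeChallengeS256(verifier) {
  return base64url(crypto.createHash("sha256").update(verifier, "ascii").digest());
}

// Finding 2: the nonce carries 256 bits of randomness instead of a hashed timestamp.
function newNonce() {
  return base64url(crypto.randomBytes(32));
}

// Finding 3: mask secrets before a token request body is written to the debug log.
// Assumes the body is an application/x-www-form-urlencoded string.
const SENSITIVE = new Set(["code", "code_verifier", "refresh_token", "client_secret"]);

function redactTokenRequest(body) {
  const params = new URLSearchParams(body);
  for (const key of [...params.keys()]) {
    if (SENSITIVE.has(key)) params.set(key, "REDACTED");
  }
  return params.toString();
}

// Constructed sample input, for illustration only.
const sampleBody =
  "grant_type=authorization_code&code=abc123&code_verifier=xyz&client_id=app";
console.log(redactTokenRequest(sampleBody));
```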