DELTA OBSCURA

We are the team behind Mission Cyber Sentinel, a mission dedicated to securing 446,000 digital assets globally.

Our Partners

Apache Druid - v35.0.0 - Use of Cryptographically Weak PRNG

By daeda1us 02:44 PM - November 28th 2025
Type software
Product Environment web
Product Name Apache Druid
Product Vendor Apache
Product Version 35.0.0
Product Link https://druid.apache.org/
Vulnerability Name Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Severity Critical
CVSS String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score 9.8
CVE ID CVE-2025-59390
Vendor Acknowledgement Yes
Affected digital Assets
N/A
Affected Users
100000000
Date of Reporting Jul 20, 2025
PoC Exploit https://github.com/Daeda1usUK/CVE-2025-59390-/blob/main/ThreadLocalRandom%20Inverse%20POC
Credit daeda1us

Description

Weak authentication-cookie signing secrets combined with insecure random generation enable token forgery and authentication bypass in Apache Druid’s Kerberos authenticator.

When druid.auth.authenticator.kerberos.cookieSignatureSecret is not explicitly configured, Apache Druid generates a fallback secret using ThreadLocalRandom, which is not a cryptographically secure RNG. This results in low-entropy, predictable secrets used to sign Kerberos authentication cookies.
An attacker who can observe or brute-force the fallback secret may forge valid authentication cookies, achieving unauthenticated → authenticated escalation.

Additionally, each Druid process generates its own fallback secret. In distributed or multi-broker clusters, this leads to inconsistent signing keys, causing inter-node authentication failures and broken deployments.

The issue affects Apache Druid ≤ 34.0.0.

Vulnerability Details

  • Insecure fallback secret generation:
    When cookieSignatureSecret is absent, Druid derives the signing secret from ThreadLocalRandom, which is not cryptographically secure, making the resulting secret predictable or brute-forceable.

  • Per-process secret divergence:
    Each Druid node uses its own insecurely generated secret, so cookies signed by one node may not validate on another—breaking Kerberos authentication in clustered setups.

  • Potential impact:

    • Authentication bypass: attacker forges Kerberos authentication cookies.
    • Privilege escalation: attacker impersonates legitimate Druid users.
    • Cluster instability: multi-node deployments fail authentication between brokers.

  • Root cause:
    Missing or optional configuration of druid.auth.authenticator.kerberos.cookieSignatureSecret combined with insecure RNG fallback.

This leads to a compromise of the authentication boundary with network-only access and no user interaction.

Steps to Reproduce

  1. Deploy Apache Druid ≤ 34.0.0 with the Kerberos authenticator enabled but without setting:

    druid.auth.authenticator.kerberos.cookieSignatureSecret

  2. Observe cookie signing behavior:
    On startup, each Druid component generates a fallback secret using ThreadLocalRandom.

  3. Capture a Kerberos authentication cookie (e.g., via proxy or local testing).

  4. Attempt to brute-force or predict the fallback secret:
    Due to the low entropy introduced by ThreadLocalRandom, determining the secret (or a collision) is computationally feasible.

  5. Forge a valid authentication cookie:
    Once the attacker acquires or predicts the secret, they can construct arbitrary signed cookies and impersonate any user.

  6. Validate cross-node inconsistencies:
    In a multi-node cluster, cookies signed by one node fail on another, demonstrating the per-process secret mismatch.

Recommendation

  • Upgrade to Apache Druid 35.0.0+:
    This release requires an explicit, strong cookieSignatureSecret for Kerberos authentication. Startup fails if the secret is missing, preventing insecure fallback behavior.

  • Set a cryptographically strong secret in all environments:

    druid.auth.authenticator.kerberos.cookieSignatureSecret=<128-bit or stronger random key>

  • Ensure consistent configuration across all nodes in a cluster (brokers, coordinators, routers, etc.).

  • Use a secure RNG for any future secret generation and avoid fallbacks that reduce entropy.

  • Audit deployments to ensure no nodes are relying on the weak fallback secret from previous upgrades.

How we calculate affected digital assets

Methodology

Digital assets affected by a piece of software or hardware can include installations and real-world usage of that product across servers, websites, IoT devices, and other connected systems.

Data sources we use

  • For many web technologies, we use BuiltWith to estimate how many websites currently use a given product. Example: Vvveb usage statistics on BuiltWith .
  • For products that include telemetry or licensing beacons, we may rely on vendor-reported deployment figures to estimate the number of active installations.

Example: a vendor might share that their firewall product is deployed across a certain number of customer networks or appliances (similar to how a vendor such as NetSweeper reports its deployment footprint). We use those deployment counts as a proxy for affected digital assets.

How we estimate affected users

Estimation

The affected users value is an estimate of how many people are likely exposed to the vulnerability through the impacted assets.

Inputs we consider

  • Vendor data: when available, we use user or deployment counts provided by the vendor (for example, via telemetry, analytics, or licensing systems).
  • Asset-based estimate: when vendor data is not available, we use a conservative baseline of 100 users per asset and multiply it by the number of affected assets.

Example calculation

Suppose a vulnerability affects:

  • 20 IoT devices
  • 40 servers
  • 40 websites

Total affected assets: 20 + 40 + 40 = 100
Using our conservative baseline of 100 users per asset:

Estimated affected users: 100 assets × 100 users = 10,000 users

This approach intentionally aims to be conservative; it gives us a consistent way to compare impact across vulnerabilities and understand the approximate number of users we help protect.