Problem/Motivation
This module may have an insufficient-entropy issue in its login hash generation.
The impact here is minimal: at most it would allow a replay attack, and only within a 5-minute window. https://git.drupalcode.org/project/tfa/-/blob/2.x/src/Controller/TfaLogi...
Steps to reproduce
You can see this vulnerability in:
https://git.drupalcode.org/project/tfa/-/blob/2.x/src/TfaLoginTrait.php?...
Of the three items used for entropy, two of them (username, last login time) are publicly available to anyone with the 'view user profiles' permission.
Proposed resolution
Also use the site's private key and hash salt?
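As an added illustration of the entropy concern above (this is not the TFA module's own code), the standalone PHP script below first builds a login hash from the three stored attributes only, then builds it as an HMAC keyed with server-side secrets, which is the direction the proposed resolution points. The account fields, the secret values, the 'db_only' placeholder for the third entropy source and the 300-second window are constructed assumptions; in a Drupal site the key material would come from Settings::getHashSalt() and the private_key service.

```php
<?php
// Added example (not the TFA module's code). Contrasts a login hash built only
// from stored account attributes with one keyed on server-side secrets, as the
// proposed resolution suggests.
declare(strict_types=1);

// Constructed sample account. 'name' and 'login' are readable by anyone with
// 'view user profiles'; 'db_only' stands in for the third source, which the
// report says is known only to someone holding the database contents.
$account = [
    'name'    => 'alice',
    'login'   => 1739999999,
    'db_only' => 'constructed-value-stored-in-user-table',
];

// Hash changes every 5 minutes (assumed window, matching the report).
const WINDOW_SECONDS = 300;

function time_window(int $now): int {
    return intdiv($now, WINDOW_SECONDS);
}

// Weak: every input is either public or in the database, so whoever holds a
// copy of the database can recompute the hash for the current window.
function weak_login_hash(array $account, int $window): string {
    return hash('sha256', $account['name'] . $account['login'] . $account['db_only'] . $window);
}

// Hardened: HMAC keyed with secrets that live in settings.php and key-value
// storage rather than the user table. In Drupal these are
// Settings::getHashSalt() and \Drupal::service('private_key')->get();
// constructed values are used here so the script runs outside Drupal.
// Fields are delimited so that concatenating variable-length values
// cannot produce colliding inputs.
function hardened_login_hash(array $account, int $window, string $hashSalt, string $privateKey): string {
    $data = implode('|', [$account['name'], $account['login'], $account['db_only'], $window]);
    return hash_hmac('sha256', $data, $hashSalt . $privateKey);
}

// Verification: recompute for the current window and compare in constant time.
function verify_login_hash(string $presented, array $account, int $now, string $hashSalt, string $privateKey): bool {
    $expected = hardened_login_hash($account, time_window($now), $hashSalt, $privateKey);
    return hash_equals($expected, $presented);
}

$hashSalt   = 'constructed-hash-salt-not-a-real-secret';
$privateKey = 'constructed-private-key-not-a-real-secret';
$now        = time();

// A token issued by the server for the current window verifies.
$token = hardened_login_hash($account, time_window($now), $hashSalt, $privateKey);
var_dump(verify_login_hash($token, $account, $now, $hashSalt, $privateKey));

// A value recomputed from leaked database data alone, without the secrets,
// is rejected.
var_dump(verify_login_hash(weak_login_hash($account, time_window($now)), $account, $now, $hashSalt, $privateKey));

// The same token presented after the window has rolled over is also rejected.
var_dump(verify_login_hash($token, $account, $now + WINDOW_SECONDS, $hashSalt, $privateKey));
```

Run with `php example.php`. The point of the last two checks is that, without the server-side key material, neither leaked database contents nor a token from an earlier window produces a value the verifier accepts; keying the hash is what makes the public inputs harmless.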
Remaining tasks
User interface changes
None
API changes
None
Data model changes
Prior Work
This report was initially opened via the Drupal Security Team tracker by @larowlan on Wed, 2025-02-19 at 23:13 UTC.
https://security.drupal.org/node/182712 (Note: Only maintainers, the security team and reporters have access to this link, do not report access denied errors.)
Initial code review indicated that the third entropy source would be known only to someone with access to the data as stored in the database.
Questions were raised regarding the accessibility of the user login time; however, no full audit was performed.
For threat evaluation it was assumed that all three entropy sources are available to an attacker (i.e. a copy of the Drupal database has been acquired).
Additionally, protection against any exploit is provided by data stored in the current session: an attacker would have to either present the first-factor credentials through the login process (in which case the hash is irrelevant, as a new hash can be generated) or rely on the exploit path described in SA-CONTRIB-2024-043, which is present only in versions prior to 8.x-1.9.
An additional several days were taken to consider alternative fault paths in the 8.x-1.x and 2.x branches prior to publication; none were apparent.
Cleared for public disclosure.
Issue fork tfa-3508771
Comments
Comment #3
cmlara
Crediting reporter.
We appreciate that this issue was submitted through the private tracker for evaluation prior to public disclosure.
Comment #5
cmlara
Comment #8
cmlara
Committed to dev on 2.x and 1.x.
Thank you again for the report on this issue.