CVE-2009-3200

Sažetak

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command.

Reference

http://forum.qnap.com/viewtopic.php?f=11&t=11214&start=20#p63346
http://forum.qnap.com/viewtopic.php?f=12&t=12104&start=10#p63341
http://secunia.com/advisories/36793
http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt
http://www.securityfocus.com/archive/1/506607/100/0/threaded
http://www.securityfocus.com/bid/36467
http://www.securitytracker.com/id?1022916
https://exchange.xforce.ibmcloud.com/vulnerabilities/53391

CVSS

Base:	5.9
Impact:	8.5
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:P/A:P

Zadnje važnije ažuriranje

10-10-2018 - 19:43

Objavljeno

21-09-2009 - 19:30