Hackers Exploit CentreStack Flaw: A Comedy of Cryptographic Errors!
Hackers are shaking down Gladinet CentreStack like it’s a vending machine, exploiting a new vulnerability to grab cryptographic keys and achieve remote code execution. Huntress warns that insecure cryptography is letting attackers swipe these keys from the web.config file. Time to update your software, lest your data becomes a hacker’s snack!

Hot Take:
Uh-oh, it looks like CentreStack has accidentally opened the door to its cryptographic party, and the hackers RSVP’d “yes”! While most of us struggle with remembering passwords, these cybercriminals have cracked the code to access web.config like it’s their personal diary. Hopefully, they didn’t find out about our guilty pleasure Netflix shows while they were in there. But in all seriousness, CentreStack needs to change those locks and maybe even the house address before more uninvited guests show up.

Key Points:
– Gladinet CentreStack instances are being targeted by cybercriminals exploiting a cryptographic vulnerability.
– The attackers can access the ‘web.config’ file containing a ‘machineKey’ cryptographic key.
– Hackers exploit static 100-byte strings used to derive cryptographic keys in CentreStack.
– Attackers can achieve remote code execution by abusing the ASPX ViewState mechanism.
– Organizations are advised to update CentreStack to the latest version and review IoCs from Huntress and Gladinet.
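
As an added example (not code from Huntress, Gladinet or this post): a defender-side audit that finds hard-coded `machineKey` values in a `web.config` and flags the same key reused across hosts, since the same `machineKey` validates ViewState on every host that shares it. The sample configs, host names and key values are constructed, and the function names are hypothetical.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample configs; the key values are made-up placeholders.
SAMPLE_STATIC = """<configuration><system.web>
  <machineKey validationKey="AAAA1111BBBB2222" decryptionKey="CCCC3333DDDD4444"
              validation="HMACSHA256" decryption="AES" />
</system.web></configuration>"""
SAMPLE_AUTO = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" />
</system.web></configuration>"""

def fingerprint(key):
    """Short SHA-256 tag so reports never contain the key itself."""
    return hashlib.sha256(key.strip().upper().encode()).hexdigest()[:16]

def audit_machine_keys(config_xml):
    """Return one finding per hard-coded machineKey attribute."""
    findings = []
    for elem in ET.fromstring(config_xml).iter():
        # Strip any XML namespace prefix before comparing the tag name.
        if elem.tag.rsplit("}", 1)[-1] != "machineKey":
            continue
        for attr in ("validationKey", "decryptionKey"):
            value = elem.get(attr, "")
            # Empty or AutoGenerate means no literal key is stored in the file.
            if value and not value.lower().startswith("autogenerate"):
                findings.append({"attr": attr, "fp": fingerprint(value)})
    return findings

def shared_keys(configs_by_host):
    """Map fingerprint -> hosts, keeping only keys present on 2+ hosts."""
    seen = defaultdict(set)
    for host, xml_text in configs_by_host.items():
        for finding in audit_machine_keys(xml_text):
            seen[finding["fp"]].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

if __name__ == "__main__":
    fleet = {"host-a": SAMPLE_STATIC, "host-b": SAMPLE_STATIC, "host-c": SAMPLE_AUTO}
    for host, text in fleet.items():
        print(host, audit_machine_keys(text))
    print("shared:", shared_keys(fleet))
```

Only fingerprints are reported, so the output can be shared in a ticket without exposing the keys.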
