
Gladinet file-sharing servers allow remote code execution

As with any internet-facing server, remote code execution on CentreStack or Triofox can potentially result in malware deployment, backdoor persistence, and credential theft. Huntress urged all CentreStack/Triofox customers to update to the latest version, 16.12.10420.56791, saying nine of its enterprise customers had already been affected.

Hardcoded keys, tougher consequences

At the core of the issue is a design failure in how CentreStack and Triofox generate the cryptographic keys used to encrypt the access tokens the platforms use to control who can retrieve which files. Huntress found that the server relies on a function called “GenerateSecKey()” to produce the AES key and initialization vector (IV) for ticket encryption, but instead of generating unique values, the function returns the same static 100-byte strings every time the service runs.

“Because the keys never change, we could extract them from memory once and use them to decrypt any ticket generated by the server or worse, encrypt our own,” the researchers said, adding that the keys were static strings of Chinese and Japanese text.
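The design failure described above, contrasted with a per-installation key source, as an added example that is not code from Gladinet or Huntress. All function names, the key and IV sizes, and the placeholder string are assumptions made for illustration; the audit simulates several installs issuing tickets and reports whether key or IV material repeats.

```python
import os
import secrets
import tempfile

KEY_LEN, IV_LEN = 32, 16  # assumed sizes: AES-256 key, one AES block for the IV

def static_sec_key(_path=None):
    """Weak pattern: identical key and IV on every install and every restart."""
    seed = b"constructed placeholder, not the real embedded string"
    return seed[:KEY_LEN], seed[KEY_LEN:KEY_LEN + IV_LEN]

def load_or_create_key(path):
    """Random key created once per installation, readable by its owner only."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        with open(path, "rb") as f:
            return f.read()
    key = secrets.token_bytes(KEY_LEN)
    with os.fdopen(fd, "wb") as f:
        f.write(key)
    return key

def per_install_sec_key(path):
    """Hardened pattern: stable per-install key, fresh random IV per ticket."""
    return load_or_create_key(path), secrets.token_bytes(IV_LEN)

def audit(generator, installs=3, tickets=3):
    """Simulate several installs issuing tickets and report shared material."""
    keys, ivs = set(), []
    with tempfile.TemporaryDirectory() as tmp:
        for i in range(installs):
            path = os.path.join(tmp, f"install{i}.key")
            for _ in range(tickets):
                key, iv = generator(path)
                keys.add(key)
                ivs.append(iv)
    return {
        "key_shared_across_installs": len(keys) < installs,
        "key_stable_within_install": len(keys) <= installs,
        "iv_reused": len(set(ivs)) < len(ivs),
    }

if __name__ == "__main__":
    print("static:     ", audit(static_sec_key))
    print("per-install:", audit(per_install_sec_key))
```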
