Vulnerable Gladinet Servers Enable Remote Code Execution

Key Takeaways

  • CentreStack and Triofox are vulnerable to remote code execution, which can lead to malware deployment, backdoor persistence, and credential theft.
  • The vulnerability is caused by a design failure in the generation of cryptographic keys used to encrypt access tokens.
  • The "GenerateSecKey()" function returns the same static 100-byte strings every time the service runs, allowing attackers to extract and use the keys to decrypt any ticket generated by the server.
  • Huntress has urged all CentreStack/Triofox customers to update to the latest version, 16.12.10420.56791, to mitigate the vulnerability.
  • Nine of Huntress’ enterprise customers have already been affected by the vulnerability.

Introduction to the Vulnerability
Huntress, a cybersecurity firm, recently discovered a critical vulnerability in CentreStack and Triofox, two popular file-sharing platforms. The vulnerability allows attackers to execute arbitrary code on the server, and, as with any internet-facing server, remote code execution on CentreStack or Triofox can have severe consequences, including malware deployment, backdoor persistence, and credential theft. Huntress has urged all CentreStack/Triofox customers to update to the latest version, 16.12.10420.56791, to mitigate the vulnerability. Unfortunately, nine of Huntress’ enterprise customers have already been affected by the vulnerability, highlighting the importance of prompt action.

The Root Cause of the Issue
At the core of the issue is a design failure in how CentreStack and Triofox generate the cryptographic keys used to encrypt the access tokens (tickets) the platforms use to control who can retrieve which files. The server relies on a function called "GenerateSecKey()" to produce the AES key and initialization vector (IV) for ticket encryption. Instead of generating unique values, however, the function returns the same static 100-byte strings every time the service runs. Because the keys never change, an attacker who extracts them from memory once can decrypt any ticket generated by the server, or even encrypt malicious tickets of their own.

Consequences of the Vulnerability
The consequences of this vulnerability are severe. Since the keys never change, a single extraction from memory is enough to decrypt any ticket the server has issued or, worse, to encrypt new ones. This gives the attacker unauthorized access to sensitive files and data, potentially leading to data breaches, intellectual property theft, and other malicious activity. Because the static keys also let an attacker mint their own tickets, they can move laterally within the network and gain access to additional resources. The fact that the keys are static strings of Chinese and Japanese text makes them even easier for attackers to identify and exploit.

Mitigation and Recommendations
To mitigate the vulnerability, Huntress has urged all CentreStack/Triofox customers to update to the latest version, 16.12.10420.56791. This update addresses the design flaw in the "GenerateSecKey()" function and ensures that unique cryptographic keys are generated for each session. It is essential for customers to apply this update as soon as possible to prevent potential attacks. Additionally, customers should monitor their systems for any suspicious activity and implement additional security measures, such as multi-factor authentication and intrusion detection systems, to prevent and detect potential attacks.
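As an added illustration of the root cause and the fix described above (written for this article, not Gladinet's code or Huntress' analysis), the Go program below models the flawed key routine beside a corrected one and checks which is in use by encrypting the same ticket across two simulated service starts. StaticSecKey, RandomSecKey, EncryptTicketCBC and StaticKeyDetected are hypothetical names; the key bytes and the sample ticket are constructed, and AES-CBC is assumed as the ticket cipher because the article mentions only an AES key and IV.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// StaticSecKey models the flaw: the same key and IV on every service start.
// The bytes are constructed placeholders, not the product's real key material.
func StaticSecKey() (key, iv []byte) {
	return bytes.Repeat([]byte{0x41}, 32), bytes.Repeat([]byte{0x42}, aes.BlockSize)
}

// RandomSecKey is the corrected routine: fresh key and IV from crypto/rand. In a
// real service the key is drawn once per start and the IV once per ticket issued.
func RandomSecKey() (key, iv []byte) {
	buf := make([]byte, 32+aes.BlockSize)
	if _, err := rand.Read(buf); err != nil {
		panic(err) // no safe fallback when the CSPRNG is unavailable
	}
	return buf[:32], buf[32:]
}

// EncryptTicketCBC is AES-256-CBC with PKCS#7 padding; keygen stands in for the
// service-start key routine and its output is used as-is, as in the flaw.
func EncryptTicketCBC(ticket []byte, keygen func() (key, iv []byte)) []byte {
	key, iv := keygen()
	block, _ := aes.NewCipher(key) // both keygens above return a valid 32-byte key
	pad := aes.BlockSize - len(ticket)%aes.BlockSize
	padded := append(append([]byte{}, ticket...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out
}

// StaticKeyDetected runs keygen twice, as two service starts would, and reports
// whether one ticket encrypts to identical bytes both times: the symptom of static keys.
func StaticKeyDetected(ticket []byte, keygen func() (key, iv []byte)) bool {
	return bytes.Equal(EncryptTicketCBC(ticket, keygen), EncryptTicketCBC(ticket, keygen))
}

func main() {
	ticket := []byte("user=alice;path=/finance/q3.xlsx") // constructed sample ticket
	fmt.Println("static keygen detected:", StaticKeyDetected(ticket, StaticSecKey))
	fmt.Println("random keygen detected:", StaticKeyDetected(ticket, RandomSecKey))
}
```

A complete fix should also authenticate tickets (for example with AES-GCM) so that a ticket the server did not issue is rejected outright rather than merely being hard to produce.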

Conclusion and Future Directions
In conclusion, the vulnerability in CentreStack and Triofox highlights the importance of robust security design and testing in software development. The use of static cryptographic keys is a critical design flaw that can have severe consequences, including remote code execution, malware deployment, and credential theft. For software vendors, it is essential to prioritize security and implement robust testing and validation procedures to identify and address potential vulnerabilities before they can be exploited. By doing so, we can prevent attacks and protect sensitive data and systems from malicious activities.
