Cryptographic Issues

CVE-2009-3200

Medium

5.9/10

Summary

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command.

Access Complexity: MEDIUM
AccessVector: LOCAL
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: COMPLETE
Availability Impact: PARTIAL

CWE-310 - Cryptographic Issues

Cryptographic issues is a category of weaknesses related to the design and implementation of the confidentiality and integrity of data. If not addressed, the weaknesses in this category can lead to data quality degradation.

References

Advisory Timeline

Published Sep 21, 2009

Cryptographic Issues

CVE-2009-3200

Summary

CWE-310 - Cryptographic Issues

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS