Gladinet CentreStack Flaw Exploited to Hack Organizations
securityweek
Huntress warns of a new wave of attacks targeting Gladinet CentreStack instances to retrieve cryptographic keys and achieve remote code execution.
As part of the attacks, hackers have exploited a new vulnerability in the mobile access and secure sharing solution, the cybersecurity firm says.
The exploited bug, Huntress says, is an insecure cryptography issue that allows attackers to access the ‘web.config’ file, which contains a ‘machineKey’ cryptographic key.
Huntress’s analysis of the attacks revealed that the hackers have been abusing the fact that CentreStack relies on the same two 100-byte strings to derive the cryptographic keys.
According to the cybersecurity firm, an attacker that can retrieve this cryptographic information can also use it for future encryption/decryption operations, thus compromising the instance.
“Because these keys never change, we could extract them from memory once and use them to decrypt any ticket generated by the server or worse, encrypt ...

