2.5 CVE-2023-37395

Brute Force
 

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.
https://nvd.nist.gov/vuln/detail/CVE-2023-37395

Categories

CWE-327 : Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol. Automated methods may be useful for recognizing commonly-used libraries or features that have become obsolete. This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. Ensure that the design allows one cryptographic algorithm to be replaced with another in the next generation or version. Where possible, use wrappers to make the interfaces uniform. This will make it easier to upgrade to stronger algorithms. With hardware, design the product at the Intellectual Property (IP) level so that one cryptographic algorithm can be replaced with another in the next generation of the hardware product. Carefully manage and protect cryptographic keys (see CWE-320). If the keys can be guessed or stolen, then the strength of the cryptography itself is irrelevant. When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks. SCADA-based protocol supports a legacy encryption mode that uses Tiny Encryption Algorithm (TEA) in ECB mode, which leaks patterns in messages and cannot protect integrity Programmable Logic Controller (PLC) uses a protocol with a cryptographically insecure hashing algorithm for passwords. Product uses "ROT-25" to obfuscate the password in the registry. product only uses "XOR" to obfuscate sensitive data product only uses "XOR" and a fixed key to obfuscate sensitive data Product substitutes characters with other characters in a fixed way, and also leaves certain input characters unchanged. Attackers can infer private IP addresses by dividing each octet by the MD5 hash of '20'. Product uses DES when MD5 has been specified in the configuration, resulting in weaker-than-expected password hashes. Default configuration of product uses MD5 instead of stronger algorithms that are available, simplifying forgery of certificates. Product uses the hash of a hash for authentication, allowing attackers to gain privileges if they can obtain the original hash.

References


 

CPE

cpe start end


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
20 Encryption Brute Forcing
Low
459 Creating a Rogue Certification Authority Certificate
Very High
473 Signature Spoof
475 Signature Spoofing by Improper Validation
High
608 Cryptanalysis of Cellular Encryption
High
614 Rooting SIM Cards
High
97 Cryptanalysis
Very High


MITRE


Techniques

id description
T1036.001 Masquerading: Invalid Code Signature
T1553.002 Subvert Trust Controls:Code Signing
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Mitigations

id description
T1036.001 Require signed binaries.
© 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation.