Lucene search
MitreCVELIST:CVE-2009-3200HistorySep 21, 2009 - 7:00 p.m.
CVE-2009-3200
2009-09-2119:00:00
mitre
www.cve.org
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable, deobfuscating the key, and running a cryptsetup luksOpen command.
References
forum.qnap.com/viewtopic.php?f=11&t=11214&start=20#p63346
forum.qnap.com/viewtopic.php?f=12&t=12104&start=10#p63341
secunia.com/advisories/36793
www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt
www.securityfocus.com/archive/1/506607/100/0/threaded
www.securityfocus.com/bid/36467
www.securitytracker.com/id?1022916
exchange.xforce.ibmcloud.com/vulnerabilities/53391
Related
prion
prion
Design/Logic Flaw
2009-09-21 19:30:00
packetstorm
packetstorm
QNAP Systems Encryption Bypass
2009-09-19 00:00:00
nvd
nvd
CVE-2009-3200
2009-09-21 19:30:00
cve
cve
CVE-2009-3200
2009-09-21 19:30:00
securityvulns
securityvulns
Backdoor in Qnap storage devices
2009-09-21 00:00:00
Advisory: Crypto backdoor in Qnap storage devices (CVE-2009-3200)
2009-09-21 00:00:00