Huntress warns about a newly exploited vulnerability in Gladinetβs CentreStack and Triofox products due to hard-coded cryptographic keys, which can lead to remote code execution and data leaks. Organizations using these products should update to the latest version and monitor their logs for specific indicators of compromise. #Gladinet #Triofox #WebConfigExploitation
Keypoints
- The vulnerability stems from the hard-coded cryptographic keys generated by the GenerateSecKey() function.
- Threat actors can exploit the flaw through crafted URL requests to access and manipulate encrypted access tickets.
- Up to nine organizations across diverse sectors have been affected by active exploitation of this flaw.
- Attackers can potentially perform remote code execution by leveraging the web.config file and machine key access.
- Organizations are advised to update their software to version 16.12.10420.56791 and follow security procedures for key rotation.
Read More: https://thehackernews.com/2025/12/hard-coded-gladinet-keys-let-attackers.html