A researcher uncovered nine vulnerabilities in CryptWare CryptoPro Secure Disk, a pre-boot encryption tool used in enterprise environments and possibly within Diebold Nixdorf ATM security components. The findings suggest attackers could potentially bypass encryption, run arbitrary code during pre-boot, and steal cash through ATM jackpotting, though Diebold disputes the direct impact on its machines. #CryptWare #CryptoProSecureDisk #DieboldNixdorf #VynamicSecuritySuite #Ploutus
Keypoints
- Matt Burch will present nine vulnerabilities in CryptWare CryptoPro Secure Disk at Black Hat USA 2026.
- The flaws affect a full-disk encryption and pre-boot authentication product used on Windows systems.
- Burch says the issues could let an attacker mount disks in plaintext and recover encryption secrets.
- The research also suggests arbitrary Linux code could run on an ATM before Windows loads.
- Diebold Nixdorf disputes the findingsβ real-world impact on its ATMs and says only some issues may apply.
Read More: https://www.darkreading.com/vulnerabilities-threats/atm-crypto-software-bugs-jackpot-bust