Hackers are exploiting a previously undocumented cryptographic vulnerability in Gladinet's CentreStack and Triofox products, leading to remote code execution and access to sensitive information. Gladinet has issued updates and indicators of compromise to help organizations defend against ongoing attacks. #Gladinet #CentreStack #Triofox #cryptovulnerability #remotecodeexecution
Keypoints
- The vulnerability involves hardcoded AES cryptographic keys in Gladinet's products.
- Attackers can decrypt Access Tickets and forge tickets to impersonate users.
- Exploitation allows remote code execution via a Web.config file and a ViewState deserialization flaw.
- Nine organizations across healthcare and technology sectors have been targeted.
- Gladinet recommends updating to version 16.12.10420.56791 and rotating machine keys for mitigation.