Vulnerability Disclosure -Statically Derived Encryption Key @ Zoho R.A.P.
Status: Fixed (As on 27-Aug-2021)
Fixed version: 10.1.2121.1 (Change log)
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N = 7.1 (High Severity)
CVE-2021–41829
Impacted Component: Remote Access Plus (RAP) Server (Desktop App)
Vulnerability Description: It was observed that the Zoho remote access plus application makes use of build number of the application to calculate password/key. Credential derivation method is hardcoded within the source code, which can be reverse engineered very easily (DCBackupRestore Jar file present within lib). The product is also vulnerable to Improper file permission, due to which the encrypted backup can be stolen very easily and can be decrypted via making use of this vulnerability.
Impact rational: This static key was used for encryption of the Backup files, which consists of all other sensitive info like server config, DB, entire enterprise system/user detail, all other system info., their vulnerability/patch status, and many other details.
Exploitability rational:
Since it is statically derived value, which remains same across all installations for a build, finding password/key doesn’t need system access and can be harvested from anywhere (and the app is easily downloadable over the internet). Moreover, static/hardcoded values are one of the most hazardous vulnerabilities which can be found via R.E. in managed/unmanaged code.
Steps to Reproduce & Supportive Evidence:
RE of the un-obfuscated code gives you the details. (DCBackupRestore Jar file present within lib, can be opened in tools like JDGui)
Recommendation:
- SecureRandom function can be used to generate credentials on the first time of installation to have different creds. across all installations.
- For storage prefer vault / seek user input there by via PBKDF2 encrypt / Leveraging on Windows Auth. For connection string rely on filesystem ACL in worst case.
