Local Users Can Bypass Security on QNAP NAS Products with Undocumented Key
CVE-2009-3200
Currently unrated
Key Information:
- Vendor: QNAP
- CVE Published: 21 September 2009
Summary
The QNAP TS-239 Pro and TS-639 Pro devices running specific firmware versions contain a significant vulnerability that lets local users bypass the passphrase requirement for decrypting the hard drive. The devices create an undocumented recovery key and store it, obfuscated, in the ENCK variable in the device's flash memory. A local user who reads this variable can deobfuscate the key and pass it to the cryptsetup luksOpen command to gain unauthorized access to the encrypted data.