Active Exploitation of Gladinet CentreStack/Triofox Insecure Cryptography Vulnerability

Description

A critical vulnerability in Gladinet's CentreStack and Triofox products has been discovered, involving hardcoded cryptographic keys in their AES implementation. This flaw allows potential access to the web.config file, enabling deserialization and remote code execution. Attackers are actively targeting this vulnerability across various organizations. The issue stems from static encryption keys derived from unchanging Chinese and Japanese text strings, allowing for decryption and creation of access tickets. Exploitation attempts have been observed across multiple sectors, with attackers using the vulnerability to obtain machine keys and perform viewstate deserialization attacks. Immediate updates to the latest version and machine key rotation are recommended for mitigation.