제출 #662771: Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Insecure Encryption Algorithm정보

제목Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Insecure Encryption Algorithm
설명The Furbo Mini device stores the root user password in `/etc/shadow` using DES-based hashing. DES (Data Encryption Standard) is a deprecated encryption method known to be cryptographically weak due to its: - Small key size (56-bit), - Susceptibility to brute-force attacks, - Vulnerability to modern cryptanalysis. Because of this weak encryption, an attacker with access to the device's filesystem (e.g., via UART or firmware extraction) can easily *brute-force the root password hash and obtain cleartext credentials using commonly available tools like Hashcat. This allows an attacker to: - Bypass all local authentication protections, - Access or manipulate sensitive system data, - Escalate privileges or modify the device’s behavior.
원천⚠️ https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure-Encryption-Algorithm.md
사용자
 jTag Labs (UID 51246)
제출2025. 09. 25. PM 09:03 (9 개월 ago)
모더레이션2025. 10. 11. PM 08:34 (16 days later)
상태수락
VulDB 항목328061 [Tomofun Furbo 360/Furbo Mini Password /etc/shadow 약한 암호화]
포인트들20

Do you want to use VulDB in your project?

Use the official API to access entries easily!