Submeter #662771: Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Insecure Encryption Algorithminformação

TítuloTomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Insecure Encryption Algorithm
DescriçãoThe Furbo Mini device stores the root user password in `/etc/shadow` using DES-based hashing. DES (Data Encryption Standard) is a deprecated encryption method known to be cryptographically weak due to its: - Small key size (56-bit), - Susceptibility to brute-force attacks, - Vulnerability to modern cryptanalysis. Because of this weak encryption, an attacker with access to the device's filesystem (e.g., via UART or firmware extraction) can easily *brute-force the root password hash and obtain cleartext credentials using commonly available tools like Hashcat. This allows an attacker to: - Bypass all local authentication protections, - Access or manipulate sensitive system data, - Escalate privileges or modify the device’s behavior.
Fonte⚠️ https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure-Encryption-Algorithm.md
Utilizador
 jTag Labs (UID 51246)
Submissão25/09/2025 21h03 (há 9 meses)
Moderação11/10/2025 20h34 (16 days later)
EstadoAceite
Entrada VulDB328061 [Tomofun Furbo 360/Furbo Mini Password /etc/shadow Encriptação fraca]
Pontos20

Do you need the next level of professionalism?

Upgrade your account now!