| tiêu đề | Tomofun Furbo 360, Furbo Mini Furbo 360 (≤ FB0035_FW_036), Furbo Mini (≤ MC0020_FW_074) Insecure Encryption Algorithm |
|---|
| Mô tả | The Furbo Mini device stores the root user password in `/etc/shadow` using DES-based hashing. DES (Data Encryption Standard) is a deprecated encryption method known to be cryptographically weak due to its:
- Small key size (56-bit),
- Susceptibility to brute-force attacks,
- Vulnerability to modern cryptanalysis.
Because of this weak encryption, an attacker with access to the device's filesystem (e.g., via UART or firmware extraction) can easily *brute-force the root password hash and obtain cleartext credentials using commonly available tools like Hashcat.
This allows an attacker to:
- Bypass all local authentication protections,
- Access or manipulate sensitive system data,
- Escalate privileges or modify the device’s behavior. |
|---|
| Nguồn | ⚠️ https://github.com/dead1nfluence/Furbo-Advisories/blob/main/Insecure-Encryption-Algorithm.md |
|---|
| Người dùng | jTag Labs (UID 51246) |
|---|
| Đệ trình | 25/09/2025 21:03 (cách đây 9 các tháng) |
|---|
| Kiểm duyệt | 11/10/2025 20:34 (16 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 328061 [Tomofun Furbo 360/Furbo Mini Password /etc/shadow mã hóa yếu] |
|---|
| điểm | 20 |
|---|