ush.it - a beautiful place

QNAP QTS Domain Privilege Escalation Vulnerability

March 22, 2017 at 4:49 pm - Filed under Hacks - 1222 words, reading time ~4 minutes - Permalink - Comments

Pasquale "sid" Fiorillo found a critical vulnerability in QNAP QTS allowing the recovery of the Domain Admin password. Such password is "encrypted" with XOR and the key is a single byte! Any web application or extraneous software running in your QNAP system can access such configuration file and jeopardize your entire network if the NAS uses domain authentication for it's users.

THP USH Wisec DigitalBullets