exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Yealink Configuration Encrypt Tool Static AES Key

Yealink Configuration Encrypt Tool Static AES Key
Posted Feb 21, 2024
Authored by Jeroen J.A.W. Hermans

A single, vendorwide, hardcoded AES key in the Yealink Configuration Encrypt Tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents.

tags | exploit
advisories | CVE-2024-24681
SHA-256 | 5231a89077e6f3acf7d704bf699a2012bd1f949a0d291b1104b455e12e90fb07

Yealink Configuration Encrypt Tool Static AES Key

Change Mirror Download
CloudAware Security Advisory

CVE-2024-24681: Insecure AES key in Yealink Configuration Encrypt Tool


========================================================================
Summary
========================================================================
A single, vendorwide, hardcoded AES key in the configuration tool used to
encrypt provisioning documents was leaked leading to a compromise of
confidentiality of provisioning documents.

========================================================================
Product
========================================================================
* Yealink Configuration Encrypt Tool (AES version)
* Yealink Configuration Encrypt Tool (RSA version <v1.2)

========================================================================
Detailed description
========================================================================
The Yealink Configuration Encrypt Tool facilites provisioning and
configuration mangement
of Yealink products, such as VoIP phones. The tool created AES encrypted
provisioning
documents, containing configuration directives such as
username=user1
passwword=passw0rd!
serverhost=sip.host.com
callerid=+19051231212
The files created by this tool are then transferred to the Yealink
equipment. The equipment
decrypts the files and uses them to configure itself.
This process needs to be secure. So these files are encrypted.
The decryption is done by a static, hardcoded, key that is identical
across all installs and
customers. After decryption of this file by the hardcoded AES key
confidential information,
such as user passwords are visible in plain text.
This implies that knowledge of this hardcoded key allows for the
disclosure of sensitive
information from the configuration files, or that files with different
information can be
introduced and are axiomatically trusted by the phone.
As this key is static - this includes historic files from any customer
that used this tool.
The vendor has fixed this in version 1.2 of the Configuration Encrypt Tool.

========================================================================
Solution
========================================================================
1) Upgrade Yealink Configuration Encrypt Tool to version 1.2
2) Evaluate the impact of the disclosure of any configurations rolled
out with
prior versions of this tool (including, specifically, the leaking of
passwords)

========================================================================
Mitigation
========================================================================
1) If an upgrade is not an option - as `anyone' can create valid
configuration
files; ensure that affected equipment is unable to reach provisioning
servers.
2) Evaluate the impact of the disclosure of any configurations rolled
out prior
to these mitigation steps

========================================================================
Weblinks
========================================================================
https://github.com/gitaware/CVE/tree/main/CVE-2024-24681

========================================================================
History
========================================================================
early 2020, release of Configuration Encrypt Tool v1 containing RSA
encryption method
juli 2022, Yealink informed “old” AES key still present and working in tool
2023, new version of Configuration Encrypt Tool v1.2 without a hardcoded
AES
encryptionkey
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close