Nsasoft Backup Key Recovery Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in Nsasoft Backup Key Recovery version 2.2.5. An attacker can crash the application by entering an excessively long registration key: pasting a 1000-character payload into the registration key field is enough to trigger the crash.
Impact
Exploitation of this vulnerability leads to a crash of the Backup Key Recovery application, causing a denial-of-service condition.
Reproduction
To reproduce this vulnerability:
1. Download and install Backup Key Recovery version 2.2.5.
2. After installation, run a Python script that creates a 1000-character payload file named 'poc.txt'.
3. Open the Backup Key Recovery application and navigate to the registration section.
4. Copy the payload from 'poc.txt' and paste it into the 'Key' registration field.
5. Click 'Ok' to submit.
The application will crash, demonstrating the denial-of-service vulnerability.
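A defensive counterpart to the crash described above, as an added example that is not the vendor's code: it shows a registration key being length-checked and character-checked before it is copied into a fixed-size buffer. The page does not state the root cause, so the fixed-size destination, the 64-character limit, the printable-ASCII rule and the function name are all assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit: the page does not document the real key length. */
#define KEY_MAX_LEN 64

typedef enum { KEY_OK = 0, KEY_EMPTY, KEY_TOO_LONG, KEY_BAD_CHAR } key_status;

/*
 * Hypothetical handler for the 'Key' field. The key is copied into a
 * fixed-size buffer only after its length and character set are checked.
 * input_len is the byte count reported by the UI control, so the input
 * does not have to be NUL-terminated.
 */
key_status store_registration_key(const char *input, size_t input_len,
                                  char out[KEY_MAX_LEN + 1])
{
    out[0] = '\0';                    /* never leave stale data on failure */
    if (input == NULL || input_len == 0)
        return KEY_EMPTY;
    if (input_len > KEY_MAX_LEN)
        return KEY_TOO_LONG;          /* reject outright, do not truncate */
    for (size_t i = 0; i < input_len; i++) {
        unsigned char c = (unsigned char)input[i];
        if (c < 0x21 || c > 0x7e)     /* printable ASCII without spaces */
            return KEY_BAD_CHAR;
    }
    memcpy(out, input, input_len);    /* bounded: input_len <= KEY_MAX_LEN */
    out[input_len] = '\0';
    return KEY_OK;
}

int main(void)
{
    char payload[1000];               /* constructed over-long input */
    char key[KEY_MAX_LEN + 1];
    memset(payload, 'A', sizeof payload);
    printf("1000 chars -> %d\n",
           store_registration_key(payload, sizeof payload, key));
    printf("valid key  -> %d\n",
           store_registration_key("ABCD-1234", 9, key));
    return 0;
}
```

Rejecting the over-long key with an explicit status lets the dialog show an error and keep running, rather than passing unbounded input further into the application.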
