Primary

Context

GRAU DATA Blocky Password Storage Vulnerability Allowing Local User Impersonation

Vulnerability

A vulnerability exists in GRAU DATA Blocky versions 2.6.x and 2.7.x on Windows, where passwords are stored encrypted instead of hashed. During login, the encrypted password is decrypted and compared to the user's input. This flaw allows an attacker with Windows admin or debugging rights to steal the user's Blocky password and impersonate them locally.

Impact

Exploitation of this vulnerability could lead to local privilege escalation by allowing an attacker to impersonate another user on the system.

Remediation

Users are advised to update Blocky to version 3.1. Instructions for updating can be found on the Blocky for Veeam website.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GRAU DATA Blocky Password Storage Vulnerability Allowing Local User Impersonation

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating