Mobatek MobaXterm
cpe:2.3:a:mobatek:mobaxterm:*:*:*:*:*:*:*
- < 25.0
A vulnerability exists in Mobatek MobaXterm versions prior to 25.0, related to the insecure storage of passwords. The application encrypts each stored password individually with AES in CFB mode, using a master key derived from the user's password and an initialization vector (IV) of all zero bytes. Because the IV is constant, the AES-CFB ciphertext for a given master key depends only on the plaintext password: identical passwords produce identical ciphertexts, and the first ciphertext block of every entry is the plaintext XORed with the same keystream block, E_k(IV). The static IV and master key therefore allow stored passwords to be decrypted, make password reuse recognizable without the master key, and facilitate chosen-plaintext attacks.
The vulnerability allows stored passwords to be decrypted, password reuse to be recognized from identical ciphertexts, and, once some passwords have been recovered, chosen-plaintext attacks against the remaining entries.
After upgrading to version 25.0 or later, users are advised to manually re-encrypt all passwords that were stored by a vulnerable version of MobaXterm, since ciphertexts written under the old zero-IV scheme remain in that form until they are re-saved.
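The following is an added illustration of the cryptographic weakness described above and of what re-encryption fixes; it is not MobaXterm's code. It implements CFB mode over a keyed block function so the properties are visible: a constant zero IV makes identical passwords collide, leaks the first keystream block to anyone who knows one stored password, and is repaired by storing a fresh random IV with each entry. The block function is a keyed SHA-256 stand-in for AES (CFB only uses the forward direction of the cipher, so the mode's behaviour is reproduced faithfully), the PBKDF2 salt and iteration count are assumptions, and the stored entries are constructed sample data.

```python
import hashlib
import os

BLOCK = 16
ZERO_IV = bytes(BLOCK)  # the constant all-zero IV the advisory describes


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the AES block encryption E_k (NOT AES, not MobaXterm code).

    CFB mode only ever calls the forward direction of the block cipher, so a
    keyed pseudorandom function of one block reproduces the mode's behaviour
    with the standard library alone.
    """
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Full-block CFB: C_i = P_i XOR E_k(C_{i-1}), with C_0 = IV."""
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        c = xor(plaintext[i:i + BLOCK], block_encrypt(key, prev))
        out += c
        prev = c  # only consumed if another full block follows
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = C_i XOR E_k(C_{i-1}); keystream is derived from ciphertext blocks."""
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        chunk = ciphertext[i:i + BLOCK]
        out += xor(chunk, block_encrypt(key, prev))
        prev = chunk
    return bytes(out)


def derive_master_key(master_password: str) -> bytes:
    # Assumption: the advisory only says the key is derived from the user's
    # password; PBKDF2 with a fixed example salt is used here for illustration.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               b"example-salt", 10_000, dklen=BLOCK)


# Weak scheme described in the advisory: every entry uses the same zero IV.
def encrypt_vulnerable(master_key: bytes, password: bytes) -> bytes:
    return cfb_encrypt(master_key, ZERO_IV, password)


# Hardened form: a fresh random IV per entry, stored in front of the ciphertext.
def encrypt_fixed(master_key: bytes, password: bytes) -> bytes:
    iv = os.urandom(BLOCK)
    return iv + cfb_encrypt(master_key, iv, password)


def decrypt_fixed(master_key: bytes, blob: bytes) -> bytes:
    return cfb_decrypt(master_key, blob[:BLOCK], blob[BLOCK:])


def find_reused_passwords(store: dict) -> list:
    """Constant IV => identical passwords give identical ciphertexts, so reuse
    is visible to anyone holding the store, without the master key."""
    by_ct = {}
    for name, ct in store.items():
        by_ct.setdefault(ct, []).append(name)
    return [sorted(names) for names in by_ct.values() if len(names) > 1]


def recover_first_block(known_pw: bytes, known_ct: bytes, other_ct: bytes) -> bytes:
    """Known/chosen-plaintext attack on the zero-IV scheme.

    The first block of EVERY entry is P_1 XOR E_k(0^16). One recovered password
    yields E_k(0^16) (as many bytes of it as that password is long), which then
    decrypts the first block of every other entry. Later blocks are keyed by the
    previous ciphertext block and are not exposed this way.
    """
    keystream = xor(known_pw[:BLOCK], known_ct[:BLOCK])
    return xor(other_ct[:len(keystream)], keystream)


def reencrypt_store(master_key: bytes, store: dict) -> dict:
    """What 'manually re-encrypt all passwords' amounts to: decrypt under the
    old zero-IV scheme and write each entry back with its own random IV."""
    return {name: encrypt_fixed(master_key, cfb_decrypt(master_key, ZERO_IV, ct))
            for name, ct in store.items()}


if __name__ == "__main__":
    key = derive_master_key("correct horse battery staple")
    store = {  # constructed sample entries, all written by the weak scheme
        "db-prod": encrypt_vulnerable(key, b"hunter2"),
        "ssh-jump": encrypt_vulnerable(key, b"hunter2"),
        "vpn": encrypt_vulnerable(key, b"Tr0ub4dor&3-rotate-me"),
    }
    print("reused:", find_reused_passwords(store))
    print("leaked start of vpn password:",
          recover_first_block(b"hunter2", store["db-prod"], store["vpn"]))
    fixed = reencrypt_store(key, store)
    print("reuse visible after fix:", find_reused_passwords(fixed))
```

The re-encryption step is only a fix if the new IVs are random per entry; re-saving under the same zero IV would reproduce byte-identical ciphertexts. Note also that a stored password shorter than one block leaks proportionally fewer keystream bytes, which is why the example's keystream length follows the known password's length.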