Kaseya Rapid Fire Tools Network Detective Reversible Encryption Vulnerability

Vulnerability

A vulnerability exists in Kaseya Rapid Fire Tools Network Detective versions through 2.0.16.0, where the EncryptionUtil class implements symmetric encryption in a deterministic manner. The encryption method derives both the key and initialization vector from a fixed, hardcoded input using a static salt, leading to identical ciphertext outputs for identical plaintext inputs. This flaw creates a predictable and reversible encryption process, allowing encrypted passwords to be easily decrypted. The issue affects both FIPS and non-FIPS generated passwords, highlighting a significant cryptographic implementation flaw.
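The pattern described above, next to a corrected form, as an added example that is not code from Network Detective or Kaseya. The constants are constructed placeholders. PBKDF2 as the derivation function and the HMAC-SHA256 counter-mode keystream (a stand-in for the product's symmetric cipher, since the Python standard library has no AES) are assumptions.

```python
import hashlib, hmac, os

# Constructed placeholders, not values taken from Network Detective.
HARDCODED_INPUT = b"example-hardcoded-input"
STATIC_SALT = b"example-static-salt"
ITERATIONS = 200_000  # assumed work factor for the hardened form

def _keystream_xor(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode XORed with data.
    out = bytearray()
    for i in range(0, len(data), 32):
        ctr = (i // 32).to_bytes(4, "big")
        block = hmac.new(key, nonce + ctr, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def weak_encrypt(plaintext):
    # Flawed pattern: key and IV both derive from constants shipped in the code,
    # so every installation and every call uses the same key/IV pair.
    material = hashlib.pbkdf2_hmac("sha256", HARDCODED_INPUT, STATIC_SALT, 1000, 48)
    key, iv = material[:32], material[32:]
    return _keystream_xor(key, iv, plaintext)

def _derive(secret, salt):
    material = hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, 64)
    return material[:32], material[32:]  # encryption key, MAC key

def hardened_encrypt(secret, plaintext):
    # Corrected pattern: secret supplied at runtime, fresh salt and nonce per
    # record, and an HMAC tag over everything stored (encrypt-then-MAC).
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(secret, salt)
    ct = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def hardened_decrypt(secret, blob):
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive(secret, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _keystream_xor(enc_key, nonce, ct)

def is_deterministic(encrypt, plaintext):
    # Audit check: equal ciphertexts for one plaintext mean key and IV never vary.
    return encrypt(plaintext) == encrypt(plaintext)
```

`is_deterministic` can be pointed at any encryption routine during code review: a `True` result for a password-storage function is the symptom this advisory describes.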

Impact

The vulnerability allows for the reversible decryption of passwords and sensitive data encrypted with the flawed encryption routine, exposing original credentials without the need for decryption keys. This is particularly concerning as the encrypted data often includes administrative passwords, which can be exploited to access and compromise client environments.

Reproduction

The vulnerability can be reproduced by encrypting passwords using the application's encryption method, which is available in the Network Detective tool. The same plaintext input will always produce the same ciphertext output, demonstrating the deterministic nature of the encryption. After encryption, the original passwords can be easily retrieved by applying a simple decryption process, taking advantage of the predictable encryption scheme.

Remediation

Kaseya has released an update for RapidFire Tools Network Detective. Users are advised to update all instances of the application, verify that no temporary files containing passwords exist, and rotate all previously used credentials.

Added: Jul 16, 2025, 6:30 PM
Updated: Jul 16, 2025, 6:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 5.1
remediation: 0.0
relevance: 0.2
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.