Enter Software Iperius Backup Hard-Coded Cryptographic Key Vulnerability
Vulnerability
A vulnerability exists in Enter Software Iperius Backup versions prior to 8.7.2, where sensitive user credentials are stored in encrypted form in the IperiusAccounts.ini file. The encryption uses a hard-coded key, derived from a static Italian-language error message, that is identical across all installations. Because the key is the same everywhere, the credentials can be decrypted offline, including those for Domain Administrator, SQL Database, SMTP, FTP, and Cloud Storage accounts. The vulnerability requires local access to the configuration file, but the decryption can be performed using a publicly available Python script or by exploiting the application as a Decryption Oracle.
Impact
The vulnerability allows for offline recovery of encrypted credentials, leading to unauthorized access to various accounts and potential local privilege escalation to NT AUTHORITY\SYSTEM.
Reproduction
The vulnerability can be reproduced by accessing the IperiusAccounts.ini file on a local machine with Iperius Backup installed. The hard-coded key can be used to decrypt the file's contents, which include sensitive credentials. This process can be automated with the publicly available Python script.
Remediation
Users are advised to upgrade to Iperius Backup version 8.7.4, which addresses this vulnerability by implementing a more secure encryption method for credentials. The update is available on the Iperius Backup website.