Full Report
Weak hashing algorithm allows an attacker to get passwords in clear text.
Analysis Summary
# Vulnerability: Zipato Zipabox Weak Hashing Algorithm
## CVE Details
- **CVE ID:** CVE-2018-15124
- **CVSS Score:** 8.6 (High) *Note: The advisory text lists 0.0, but the provided vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N calculates to 8.6.*
- **CWE:** CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) / CWE-916 (Use of Password Hash with Insufficient Computational Effort)
## Affected Systems
- **Products:** Zipato Zipabox (Smart Home Controller)
- **Versions:** Versions prior to June 2018; specific firmware version numbers not provided by vendor.
- **Configurations:** Devices using the default authentication and password storage mechanisms.
## Vulnerability Description
The Zipato Zipabox smart home controller utilizes a weak hashing algorithm for password protection. Due to the lack of cryptographic strength or insufficient computational complexity in the chosen algorithm, an attacker can reverse the hashes or employ brute-force techniques to recover user passwords in clear text. This flaw stems from a failure to implement robust, modern salted hashing standards.
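The contrast described above, as an added illustration (not code from the advisory or from Zipato): the advisory does not name the algorithm, so unsalted SHA-256 stands in for the fast legacy digest, and PBKDF2-HMAC-SHA256 with a per-user salt and an assumed iteration count is the hardened form. All function names and the record format are hypothetical; the sketch also shows upgrading legacy records at the next successful login.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor, not from the advisory

def legacy_hash(password):
    """Fast unsalted digest. SHA-256 is a stand-in: the advisory names no algorithm."""
    return "legacy$" + hashlib.sha256(password.encode()).hexdigest()

def strong_hash(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Salted, deliberately slow hash stored as pbkdf2$<iterations>$<salt>$<digest>."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2${}${}${}".format(iterations, salt.hex(), digest.hex())

def verify(password, stored):
    """Recompute the record under its own scheme and compare in constant time."""
    parts = stored.split("$")
    try:
        if parts[0] == "legacy" and len(parts) == 2:
            candidate = legacy_hash(password)
        elif parts[0] == "pbkdf2" and len(parts) == 4:
            candidate = strong_hash(password, bytes.fromhex(parts[2]), int(parts[1]))
        else:
            return False
    except ValueError:  # malformed salt or iteration field
        return False
    return hmac.compare_digest(candidate.encode(), stored.encode())

def login_and_upgrade(db, user, password):
    """Authenticate; rewrite a legacy record while the plaintext is in hand."""
    stored = db.get(user)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith("pbkdf2$"):
        db[user] = strong_hash(password)
    return True

if __name__ == "__main__":
    # Constructed sample accounts: two users who chose the same password.
    db = {"alice": legacy_hash("correct horse"), "bob": legacy_hash("correct horse")}
    print("legacy digests identical:", db["alice"] == db["bob"])
    login_and_upgrade(db, "alice", "correct horse")
    login_and_upgrade(db, "bob", "correct horse")
    print("upgraded digests identical:", db["alice"] == db["bob"])
```

With the unsalted digest, equal passwords produce equal records, so one recovered value exposes every account sharing it; after the upgrade each record carries its own salt and work factor.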
## Exploitation
- **Status:** Unknown (No publicly available PoC at time of advisory)
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High (Clear text password recovery)
- **Integrity:** None (Directly; however, recovered credentials can lead to unauthorized access)
- **Availability:** None
## Remediation
### Patches
- **Vendor Fix:** The vendor notified Kaspersky on June 6, 2018, that "some vulnerabilities" were fixed. Users should ensure their Zipabox firmware is updated to the latest available version via the Zipato control interface.
- **Support Status:** The vendor stopped responding to Kaspersky ICS CERT inquiries following the initial notification.
### Workarounds
- **Network Segmentation:** Place the Zipabox controller behind a firewall or on a separate VLAN to restrict unauthorized network access.
- **Credential Hygiene:** Use unique, high-entropy passwords to increase the difficulty of successful brute-force attacks against weak hashes.
- **VPN:** Access the controller remotely only through a secure VPN rather than exposing the device directly to the internet.
## Detection
- **Indicators of Compromise:** Unusual login activity from unrecognized IP addresses or multiple failed authentication attempts in device logs.
- **Detection Methods and Tools:** Network security monitoring (NSM) to identify unauthorized traffic to the controller's management interface.
## References
- Kaspersky ICS CERT Advisory: hxxps[://]ics-cert[.]kaspersky[.]com/advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/
- NVD - CVE-2018-15124: hxxps[://]nvd[.]nist[.]gov/vuln/detail/CVE-2018-15124
- CVSS Vector: hxxps[://]www[.]first[.]org/cvss/calculator/3.1#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N