An alarming security flaw has been uncovered in Dell’s Compellent Integration Tools for VMware (CITV), revealing a hardcoded encryption key that enables attackers to decrypt and access stored vCenter admin credentials. Tracked as CVE-2023-39250, the vulnerability stems from a static AES encryption key shared across all CITV installations, used to secure vCenter credentials within the program’s configuration file.
The affected software, designed for seamless integration with VMware vCenter, poses a significant threat due to the compromised admin credentials potentially granting unauthorized access to critical systems. The flaw, initially dismissed by Dell, has prompted urgent mitigation efforts as researchers shed light on its grave implications.
Tom Pohl from LMG Security exposed the vulnerability during a penetration exercise, unveiling a static AES encryption key that is identical across all installations of Dell CITV. This key encrypts the program’s configuration file, including the sensitive vCenter admin credentials. The use of a symmetric cipher allows attackers to easily decrypt the file and access the encrypted password once the key is extracted.
Pohl emphasized that this flaw allows unauthorized parties to obtain the encryption key used to protect the admin credentials, posing a serious risk to system security.
The potential exploitation of this vulnerability is not limited to cybercriminals; even rogue insiders or external attackers with low privileges could compromise systems with access to Dell CITV. Although Dell has pledged to release a fix by November 2023, concerns remain as the flaw’s disclosure policy has already expired.
LMG Security’s research underscores the pressing need for robust cybersecurity measures to prevent unauthorized access to critical credentials and emphasizes the importance of swift mitigation efforts in the face of such vulnerabilities.
