[CVE-2019-12376] LANDesk Management Server - Hard-coded Encryption Key

Use of a hard-coded encryption key in LDMS Service Update 5 may lead to full managed endpoint compromise

May 25, 2019

Multiple cryptographic vulnerabilities have been identified in the web API endpoint at http://<coreserver>/landesk/managementsuite/core/cmp.secure. These vulnerabilities compromise the at-rest security model of all data protected by this module, and could lead to unauthorized device decryption, credential disclosure, and full managed endpoint compromise.

This API endpoint is used to encrypt sensitive information such as FileVault credentials, administrative override credentials, Windows credentials, domain credentials, and service account credentials.

The vulnerabilities were found in the method LANDesk.CMP.Business.Crypto.EncryptByQuickAEStoDB inside the DLL LANDesk.CMP.Business.dll. Loading this DLL into a .NET decompiler such as JetBrains dotPeek shows that this method is called from 13 other methods at 28 separate call sites within the DLL.

This method uses the property LANDesk.CMP.Business.Crypto.QuickAESKey, which either generates and stores a new cryptographic key or retrieves the previously generated one. The issue becomes apparent in the code that stores and retrieves this AES key. The key is retrieved on the highlighted line, which corresponds to this property:

The AES key is itself stored encrypted under DES, a cipher with a 56-bit effective key that is considered broken and should not be used for new designs. However, this is not the primary issue.

The primary issue becomes apparent when inspecting the DES decryption method here:

Looking into the highlighted field brings us here:

The key encryption key (KEK) and IV used to encrypt the master AES key are hard-coded into the DLL. .NET does not compile to native machine code; it compiles to Microsoft CIL (Common Intermediate Language), and CIL carries enough metadata that the original C# source can be recovered with a high degree of accuracy by any decompiler. Hard-coded constants appear in the decompiled output exactly as they did in the source.

Since the source can be trivially recovered, the key encryption key can be trivially recovered. As this key is used to encrypt the master AES key, the master AES key can be trivially recovered. With the master AES key compromised, any data encrypted using the method LANDesk.CMP.Business.Crypto.EncryptByQuickAEStoDB can be trivially recovered.
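To make the recovery chain concrete, the following Python script models the key hierarchy described above: a master AES key wrapped under DES-CBC with a KEK and IV that live as constants in the binary, and application data encrypted under that master key. It is an added illustration, not code from the original post or from the LANDesk DLL; the constant values, record names and function names are made up for the example, and it uses the `cryptography` package (which exposes single DES only as 3DES with all three subkeys equal). The attacker-side functions need nothing but the stored rows and the two constants lifted from the decompiled DLL.

```python
"""Model of a hard-coded-KEK key hierarchy (constructed example, not vendor code)."""
import os
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

try:  # cryptography >= 43 moved TripleDES into the "decrepit" namespace
    from cryptography.hazmat.decrepit.ciphers.algorithms import TripleDES
except ImportError:  # older releases
    from cryptography.hazmat.primitives.ciphers.algorithms import TripleDES

# Stand-ins for the constants an analyst reads out of the decompiled DLL.
# These values are invented for the example; the real ones are not reproduced.
HARDCODED_DES_KEK = b"\x01\x23\x45\x67\x89\xab\xcd\xef"  # 8-byte DES key
HARDCODED_DES_IV = b"\xfe\xdc\xba\x98\x76\x54\x32\x10"   # 8-byte CBC IV


def _des_cipher(key: bytes, iv: bytes) -> Cipher:
    # Single DES == 3DES with K1 = K2 = K3; the library only exposes 3DES.
    return Cipher(TripleDES(key * 3), modes.CBC(iv))


def _pad(data: bytes, block_bits: int) -> bytes:
    p = padding.PKCS7(block_bits).padder()
    return p.update(data) + p.finalize()


def _unpad(data: bytes, block_bits: int) -> bytes:
    u = padding.PKCS7(block_bits).unpadder()
    return u.update(data) + u.finalize()


def des_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    enc = _des_cipher(key, iv).encryptor()
    return enc.update(_pad(data, 64)) + enc.finalize()


def des_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    dec = _des_cipher(key, iv).decryptor()
    return _unpad(dec.update(data) + dec.finalize(), 64)


# ---- application side: what a QuickAESKey-style property does ----

def quick_aes_key(db: dict) -> bytes:
    """Return the master AES key, generating and storing it on first use.

    The wrapped key is stored in the same database as the data it protects,
    and the only secret needed to unwrap it is the constant in the binary.
    """
    if "QuickAESKey" not in db:
        master = os.urandom(32)  # AES-256 data key
        db["QuickAESKey"] = des_encrypt(HARDCODED_DES_KEK, HARDCODED_DES_IV, master)
    return des_decrypt(HARDCODED_DES_KEK, HARDCODED_DES_IV, db["QuickAESKey"])


def encrypt_by_quick_aes_to_db(db: dict, plaintext: bytes) -> bytes:
    """AES-CBC encrypt under the master key; returned blob is iv || ciphertext."""
    iv = os.urandom(16)
    enc = Cipher(algorithms.AES(quick_aes_key(db)), modes.CBC(iv)).encryptor()
    return iv + enc.update(_pad(plaintext, 128)) + enc.finalize()


# ---- attacker side: database read access plus the decompiled constants ----

def recover_master_key(db_snapshot: dict, kek: bytes, kek_iv: bytes) -> bytes:
    """Unwrap the stored master key using the constants lifted from the binary."""
    return des_decrypt(kek, kek_iv, db_snapshot["QuickAESKey"])


def decrypt_blob(master_key: bytes, blob: bytes) -> bytes:
    """Decrypt one stored record with the recovered master key."""
    iv, ct = blob[:16], blob[16:]
    dec = Cipher(algorithms.AES(master_key), modes.CBC(iv)).decryptor()
    return _unpad(dec.update(ct) + dec.finalize(), 128)


def demo() -> bytes:
    """Store a constructed credential, then recover it as the attacker would."""
    db = {}
    db["admin_override"] = encrypt_by_quick_aes_to_db(db, b"CORP\\svc-ldms:Sup3rS3cret!")
    master = recover_master_key(db, HARDCODED_DES_KEK, HARDCODED_DES_IV)
    return decrypt_blob(master, db["admin_override"])


if __name__ == "__main__":
    print(demo())
```

Note that the weakness is independent of the cipher strength: swapping DES for AES in the wrapping step would change nothing, because the attacker is handed the KEK rather than forced to break it. The fix is to keep the KEK out of the binary and out of the database entirely, for example by protecting the master key with an OS-held secret (DPAPI on Windows) or an external key management service, so that reading the database and reading the DLL together are no longer sufficient.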

As this method is used to encrypt sensitive administrative data such as credentials and device encryption keys, an attacker who is able to read from the database can also decrypt the data stored there and use it to fully compromise any managed device whose credentials are stored using this library.

The vendor has been notified of this issue, and has confirmed that LDMS version SU 5 is no longer supported. Thus, this vulnerability will not be patched.
