CVE-2021-41096

7.5 HIGH

📋 TL;DR

Rucky versions 2.2 and earlier (release builds) and 425 and earlier (nightly builds) use weak RSA/ECB/PKCS1Padding encryption, which could allow attackers to decrypt sensitive data. This affects Android users running vulnerable Rucky versions for USB HID Rubber Ducky functionality. The vulnerability stems from using outdated cryptographic algorithms that are susceptible to attacks.

💻 Affected Systems

Products:
  • Rucky
Versions: Release builds ≤ 2.2, Nightly builds ≤ 425
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default due to the weak cryptographic implementation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could decrypt sensitive data transmitted or stored by Rucky, potentially exposing credentials, configuration data, or other protected information.

🟠 Likely Case: Information disclosure of encrypted data if attackers can intercept or access encrypted communications or storage.

🟢 If Mitigated: Minimal impact if strong encryption is implemented or if the vulnerable feature is disabled.

🌐 Internet-Facing: LOW - Rucky is primarily a local Android application for USB HID functionality, not typically internet-exposed.
🏢 Internal Only: MEDIUM - While local to Android devices, compromised data could affect internal systems if Rucky handles sensitive information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires access to encrypted data and cryptographic analysis capabilities, but no public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Release builds v2.3+, Nightly builds 426+

Vendor Advisory: https://github.com/mayankmetha/Rucky/security/advisories/GHSA-32m7-456v-wgfw

Restart Required: Yes

Instructions:

1. Update Rucky from Google Play Store or GitHub releases.
2. For nightly builds, update to version 426 or later.
3. Restart the application after update.

🔧 Temporary Workarounds

Disable Advanced Security Feature

If the vulnerable encryption feature is not required, disable it in Rucky settings to mitigate the risk.

Open Rucky → Settings → Security → Disable 'Advanced Security' or similar encryption feature

🧯 If You Can't Patch

  • Disable the advanced security feature in Rucky settings if not required
  • Isolate Android devices running vulnerable Rucky versions from sensitive networks

🔍 How to Verify

Check if Vulnerable:

Check Rucky version in app settings: Open Rucky → Settings → About → Version number

Check Version:

Not applicable via command line; check within Rucky app settings

Verify Fix Applied:

Confirm version is ≥2.3 for release builds or ≥426 for nightly builds, and verify encryption settings use stronger algorithms if available.

📡 Detection & Monitoring

Log Indicators:

  • Unusual cryptographic errors or warnings in Rucky logs
  • Failed encryption/decryption attempts

Network Indicators:

  • Not applicable - primarily local application

SIEM Query:

Not applicable for typical SIEM monitoring as Rucky operates locally on Android devices
