CVE-2024-42012
📋 TL;DR
GRAU DATA Blocky versions before 3.1 store passwords using reversible encryption instead of secure hashing. This allows attackers with Windows administrative or debugging privileges to decrypt and steal user passwords, enabling impersonation of local Blocky users. Organizations using vulnerable Blocky versions for Veeam backup protection are affected.
💻 Affected Systems
- GRAU DATA Blocky for Veeam
⚠️ Manual Verification Required
The NVD entry for this CVE carries no CPE version range, so inventory-based scanners cannot match affected hosts automatically.
Why? The database entry lists the product without version bounds. The vendor's own statement is clear, though: releases before 3.1 are affected and 3.1 is the fix, so the installed version is what you check by hand.
- Review the CVE details at NVD
- Read the vendor security bulletin (linked under Official Fix below) for your specific build
- Compare the installed Blocky version against 3.1 on every host running it
- Upgrade to 3.1 or later; if you cannot, apply the workarounds below
⚠️ Risk & Real-World Impact
Worst Case
Attackers with admin rights steal all Blocky passwords, impersonate any user, potentially compromising backup integrity and enabling ransomware attacks against backup systems.
Likely Case
Malicious insiders or compromised admin accounts steal specific user passwords to bypass access controls and manipulate backup operations.
If Mitigated
With proper privilege separation and monitoring, impact is limited to specific compromised accounts rather than system-wide compromise.
🎯 Exploit Status
Exploitation requires Windows admin/debugging rights but is technically simple once those privileges are obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.1
Vendor Advisory: https://www.blockyforveeam.com/en/security-bulletin-2024-06-25/
Restart Required: Yes
Instructions:
1. Download Blocky 3.1 from the GRAU DATA portal.
2. Back up the current configuration. Treat that backup as sensitive: it still holds the passwords in the reversible pre-3.1 format, so store it with the same access restrictions as the live host and delete it once the upgrade is confirmed.
3. Run the installer with administrative privileges.
4. Restart the Blocky services.
5. Confirm the installed version reports 3.1 or later, then reset the local Blocky user passwords as a precaution so that no value written by the old code remains in use.
🔧 Temporary Workarounds
Restrict Administrative Access
(Windows) Limit local administrative rights and the "Debug programs" user right (SeDebugPrivilege) on hosts running Blocky to the personnel who need them; decrypting the stored passwords requires one of the two.
Implement Credential Guard
(Windows) Credential Guard isolates the domain secrets that LSASS holds (NTLM hashes, Kerberos tickets) so they cannot be read out of memory. It does not change how Blocky stores its own passwords, so treat it as defence in depth against follow-on credential theft on a compromised host, not as a mitigation for this CVE. It is enabled through registry (or Group Policy) settings rather than a Windows optional feature; a reboot is required, and LsaCfgFlags=1 locks the setting with UEFI (use 2 if you must be able to disable it remotely):
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v EnableVirtualizationBasedSecurity /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LsaCfgFlags /t REG_DWORD /d 1 /f
After the reboot, confirm it is running (the returned list should contain 1, which denotes Credential Guard):
(Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard).SecurityServicesRunning
🧯 If You Can't Patch
- Implement strict least-privilege access controls for Windows administrative accounts
- Monitor for unusual authentication patterns and credential access events
🔍 How to Verify
Check if Vulnerable:
Check the Blocky version in the application interface or in the registry. This page gives the location as the Version value under HKLM\SOFTWARE\GRAU DATA\Blocky; if that key is absent on your build, the product's DisplayVersion under the Programs and Features Uninstall keys is the usual fallback.
Check Version:
reg query "HKLM\SOFTWARE\GRAU DATA\Blocky" /v Version
Verify Fix Applied:
The version is the practical test: 3.1 or later is fixed. This page does not identify the configuration file or field that holds the stored passwords, so do not rely on inspecting the file format; after upgrading, reset the local Blocky user passwords as a precaution so that no value written by a pre-3.1 version remains in use.
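The two checks above as one PowerShell script, added here as an example (it is not GRAU DATA's tooling and not code from the advisory). It reads the Version value under the key this page names, falls back to the Programs and Features Uninstall entries, and compares the result against 3.1. The fallback, the assumption that the Uninstall entry's DisplayName contains "Blocky", and the version-string shapes it tolerates are all assumptions.

```powershell
# Added example for CVE-2024-42012, not vendor tooling.
# Assumptions: the Version value under HKLM\SOFTWARE\GRAU DATA\Blocky (the key this page
# names); a fallback on the standard Uninstall keys matched on DisplayName '*Blocky*';
# and that any version parsing below 3.1 is affected, as the vendor bulletin states.
$FixedVersion = [version]'3.1'

function Get-BlockyVersion {
    # 1. The vendor key named on this page
    $key = 'HKLM:\SOFTWARE\GRAU DATA\Blocky'
    $v = (Get-ItemProperty -Path $key -Name Version -ErrorAction SilentlyContinue).Version
    if ($v) { return [string]$v }

    # 2. Fallback (assumption): the Programs and Features entry, 64-bit and 32-bit views
    $uninstall = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entry = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Blocky*' } |
        Select-Object -First 1
    if ($entry) { return [string]$entry.DisplayVersion }
    return $null
}

function Test-BlockyVulnerable {
    param([string]$VersionString)
    if (-not $VersionString) { return 'unknown: Blocky not found or version not readable' }
    # Keep the leading numeric part so strings such as "3.0.2 build 17" still parse;
    # [version] needs at least major.minor, so pad a bare major number.
    if ($VersionString -notmatch '^\s*(\d+(\.\d+){0,3})') {
        return "unknown: cannot parse version '$VersionString'"
    }
    $num = $Matches[1]
    if ($num -notmatch '\.') { $num += '.0' }
    $parsed = [version]$num
    if ($parsed -lt $FixedVersion) { return "VULNERABLE: $parsed is below $FixedVersion" }
    return "patched: $parsed is $FixedVersion or later"
}

$found = Get-BlockyVersion
"Blocky version : " + $(if ($found) { $found } else { 'n/a' })
"CVE-2024-42012 : " + (Test-BlockyVulnerable -VersionString $found)
```

Run it in an elevated PowerShell on each host that has Blocky installed. Because System.Version compares component by component, 3.1.0 and 3.1.x builds count as patched while anything 3.0.x or lower is reported as vulnerable.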
📡 Detection & Monitoring
Log Indicators:
- A successful Blocky login by a local user with no preceding failures, from a host, time or session that user does not normally use. A decrypted password works on the first try, so the usual brute-force pattern (failures followed by a success) is not what this CVE produces.
- Windows Security event 4663 (object access) showing an administrative account, or any process other than Blocky's own, reading Blocky's configuration or credential store. This needs a SACL on that directory and the File System audit subcategory enabled.
- Windows Security event 4688 (process creation) showing a debugger or memory-dump tool launched by an administrator on the Blocky host, since debugging rights are the second route the CVE names.
Network Indicators:
- Authentication to the Blocky management interface from sources or at times that do not match the user's baseline
SIEM Query (Splunk SPL; the source and field names are placeholders because this page does not document Blocky's log format, and 10 is a starting threshold to tune against your baseline):
source="Blocky" event_type="authentication" result="success" | stats count, dc(src_ip) AS sources BY user | where count > 10 OR sources > 1
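The "administrative account accessing Blocky credential storage" indicator above only fires if the host audits reads of that directory. As an added example (not GRAU DATA's tooling and not code from the advisory), the PowerShell below enables that auditing and then lists the 4663 events for reads that did not come from Blocky's own binaries. Both directory paths are assumptions, since this page does not name where Blocky keeps its store or its executables; adjust them to your install.

```powershell
# Added example, not vendor tooling. Assumptions: Blocky's configuration and credential
# store live under $BlockyDir, its own executables under $BlockyInstallDir (neither path is
# given on this page), and the host is Windows Server 2016 / Windows 10 or later.
$BlockyDir        = 'C:\ProgramData\GRAU DATA\Blocky'      # ASSUMED location of the store
$BlockyInstallDir = 'C:\Program Files\GRAU DATA\Blocky'    # ASSUMED location of Blocky's binaries

function Enable-BlockyReadAuditing {
    param([string]$Path)
    # Turn on the Object Access > File System subcategory (successful reads are what matter here)
    auditpol /set /subcategory:"File System" /success:enable | Out-Null
    # Add a SACL entry so each successful read of a file under $Path raises Security event 4663
    $acl  = Get-Acl -Path $Path -Audit
    $rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
        'Everyone', 'ReadData', 'ContainerInherit,ObjectInherit', 'None', 'Success')
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-BlockyStoreReads {
    param([string]$Path, [string]$TrustedDir, [int]$Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # 4663 carries its fields as named <Data> elements; read them by name rather than by index
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d.ObjectName -like "$Path\*") {
            [pscustomobject]@{
                Time       = $_.TimeCreated
                User       = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
                Process    = $d.ProcessName
                Object     = $d.ObjectName
                # Blocky's own binaries reading their store is normal; anything else (cmd,
                # PowerShell, an editor, a debugger) run by an admin is the access this CVE enables
                Suspicious = -not ($d.ProcessName -like "$TrustedDir\*")
            }
        }
    }
}

Enable-BlockyReadAuditing -Path $BlockyDir
Get-BlockyStoreReads -Path $BlockyDir -TrustedDir $BlockyInstallDir -Hours 24 |
    Where-Object Suspicious |
    Format-Table Time, User, Process, Object -AutoSize
```

Setting a SACL needs the Manage auditing and security log right (administrators have it), so run this elevated. Expect some noise from backup agents and antivirus reading the directory; add those process paths to the trusted check rather than widening the SACL, so that an administrator opening the store with an interactive tool still stands out.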