CVE-2024-38320 - Weak Cryptographic Algorithms in IBM Storage Protect for Virtual Environments and Backup-Archive Client

IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client versions 8.1.. through 8.1.23. have been found to use weaker than expected cryptographic algorithms, which could potentially allow an attacker to decrypt sensitive information. In this post, we will explore the details of the vulnerability, CVE-2024-38320, and discuss its impact on users of the affected software.

Description

The affected software versions are reported to use a compromised combination of cryptographic algorithms in their default configurations. These algorithms, such as MD5 and SHA1, have been widely known for their cryptanalysis vulnerabilities, making it easier for potential attackers to perform attacks, such as collision attacks and preimage attacks. This could ultimately lead to an attacker being able to decrypt secured information, which is critical as the software is responsible for the backup and protection of virtual environments.

Exploit Details

An attacker can potentially exploit this vulnerability by intercepting and obtaining the encrypted data being transmitted by the affected IBM software. Then, utilizing known weaknesses of the cryptographic algorithms in use, the attacker may launch collision and preimage attacks to decrypt the intercepted data.

The proof of concept for exploiting this vulnerability with MD5 and SHA1 collision attacks can be found in the following links:

1. Breaking MD5 – Making the Theoretical Practical
2. SHA-1 is a Shambles

Here is a Python code snippet for an MD5 hash collision attack

import hashlib

# Two different inputs with the same MD5 hash
input1 = "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f8955ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5bd8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cdae99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
input2 = "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f8955ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbdf280373c5bd8823e1d35507f1bae6107b5b8956dacd436c919c6dd53e23487da03fd02396306d248cdae99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a7"

# Calculate MD5 hashes for both inputs
hash1 = hashlib.md5(input1.decode("hex")).hexdigest()
hash2 = hashlib.md5(input2.decode("hex")).hexdigest()

# Verify that these hashes are the same
assert hash1 == hash2

print("MD5 hash collision:")
print(f"Input 1: {input1}")
print(f"Input 2: {input2}")
print(f"Hash: {hash1}")

Mitigation

Users of the affected software are advised to upgrade to versions 8.1.24. or later, which have been patched to address the vulnerability. Additionally, users can manually change the default cryptographic algorithm configurations of their software to use stronger algorithms, such as SHA-256 or SHA-3.

Conclusion

As a user of IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client, it is essential to ensure that your software is updated and does not use weak cryptographic algorithms. Update your software to the latest version and verify that stronger cryptographic algorithms are in use to mitigate the risks associated with this vulnerability.

Timeline

Published on: 01/27/2025 16:15:30 UTC