
Vulnerability in Mobatek MobaXterm (CVE-2025-0714)

MobaXterm is a toolbox for remote computing.

CVE-2025-0714: Insecure storage of sensitive information in MobaXterm < v25.0

MobaXterm encrypts each stored password individually with AES in CFB mode, using a master key together with an initialisation vector (IV) that consists only of zero bytes. In the default configuration the user is prompted for a master password when MobaXterm starts, and a value derived from that password is used as the master key. Because both the master key and the IV are identical for every stored password, the AES-CFB ciphertext depends only on the plaintext (the password itself): the keystream applied to the first block is the same for every entry, and the keystream for later blocks stays identical as long as the preceding ciphertext blocks, and therefore the preceding plaintext, agree. The static IV and master key thus make it easier to obtain sensitive information and to decrypt data at rest. An attacker with access to the encrypted passwords can:

  1. Recognize password reuse, since the same password always encrypts to the same ciphertext.
  2. Perform chosen-plaintext attacks if one or more passwords can be recovered, since a known plaintext/ciphertext pair reveals the keystream that every other stored password was XORed with.
  3. Recognize the shared prefix of similar passwords, and read that prefix in clear if one of the passwords is known, since two ciphertexts agree for exactly as long as their plaintexts do.
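The three consequences listed above, worked through in code. This is an added example, not part of the original advisory and not MobaXterm's own code: it uses Go's standard-library AES-CFB (128-bit segments) with one fixed key and an all-zero IV, a made-up SHA-256 key derivation standing in for MobaXterm's (which this example does not reproduce), and constructed sample passwords. `encryptFixed`/`decryptFixed` show a per-password random IV as one corrected form; `recoverPrefix` generalises point 3 to the block-boundary behaviour of 128-bit CFB.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
)

// zeroIV is the all-zero IV the advisory describes.
var zeroIV = make([]byte, aes.BlockSize)

// deriveMasterKey stands in for MobaXterm's key derivation, which this
// example does not reproduce: it hashes the master password and truncates
// the digest to an AES-128 key (an assumption, not the real scheme).
func deriveMasterKey(masterPassword string) []byte {
	sum := sha256.Sum256([]byte(masterPassword))
	return sum[:16]
}

func newAES(key []byte) cipher.Block {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return block
}

// encryptVulnerable reproduces the flawed pattern: AES-CFB with the same key
// and the all-zero IV for every password, so ciphertext depends only on plaintext.
func encryptVulnerable(key, password []byte) []byte {
	ct := make([]byte, len(password))
	cipher.NewCFBEncrypter(newAES(key), zeroIV).XORKeyStream(ct, password)
	return ct
}

// encryptFixed is one hardened alternative: a fresh random IV per password,
// stored in front of the ciphertext. Identical passwords now encrypt differently.
func encryptFixed(key, password []byte) []byte {
	out := make([]byte, aes.BlockSize+len(password))
	if _, err := io.ReadFull(rand.Reader, out[:aes.BlockSize]); err != nil {
		panic(err)
	}
	cipher.NewCFBEncrypter(newAES(key), out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], password)
	return out
}

// decryptFixed reverses encryptFixed.
func decryptFixed(key, blob []byte) []byte {
	pt := make([]byte, len(blob)-aes.BlockSize)
	cipher.NewCFBDecrypter(newAES(key), blob[:aes.BlockSize]).XORKeyStream(pt, blob[aes.BlockSize:])
	return pt
}

// commonPrefixLen counts the leading bytes on which a and b agree.
func commonPrefixLen(a, b []byte) int {
	n := 0
	for n < len(a) && n < len(b) && a[n] == b[n] {
		n++
	}
	return n
}

// recoverPrefix uses one known password and its ciphertext to read the start of
// another password's ciphertext. In CFB the keystream for block j is
// E_K(previous ciphertext block), with C_0 = IV: block 0 is always E_K(zeroIV),
// and block j stays shared as long as the j preceding ciphertext blocks (hence
// plaintext blocks) agree. With 8-bit segments (CFB-8) the recoverable length
// would instead be the shared prefix plus one byte.
func recoverPrefix(knownPT, knownCT, targetCT []byte) []byte {
	shared := commonPrefixLen(knownCT, targetCT)
	n := (shared/aes.BlockSize + 1) * aes.BlockSize
	for _, l := range []int{len(knownPT), len(knownCT), len(targetCT)} {
		if l < n {
			n = l
		}
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = targetCT[i] ^ knownPT[i] ^ knownCT[i] // keystream_i = knownPT_i ^ knownCT_i
	}
	return out
}

func main() {
	key := deriveMasterKey("master-password") // constructed sample input
	a := encryptVulnerable(key, []byte("Winter2024!"))
	b := encryptVulnerable(key, []byte("Winter2024!")) // same password saved for another host
	c := encryptVulnerable(key, []byte("Winter2025!")) // rotated by one character
	fmt.Println("reuse visible:", bytes.Equal(a, b))
	fmt.Println("shared ciphertext prefix:", commonPrefixLen(a, c), "bytes (length of \"Winter202\")")

	known := []byte("service-account-P@ss") // assume this one password has leaked
	knownCT := encryptVulnerable(key, known)
	fmt.Printf("recovered from ciphertext a: %q\n", recoverPrefix(known, knownCT, a))

	f1, f2 := encryptFixed(key, []byte("Winter2024!")), encryptFixed(key, []byte("Winter2024!"))
	fmt.Println("fixed: reuse visible:", bytes.Equal(f1, f2), "| decrypts to:", string(decryptFixed(key, f1)))
}
```

Run it with `go run .`; the first three lines show points 1 to 3 against the vulnerable scheme, the last line shows that a per-password IV removes the ciphertext equality (the two blobs differ while both still decrypt). Note that recovering more than the first 16 bytes of a target requires the known password to share whole leading blocks with it, which is why the advisory speaks of the prefix of similar passwords.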

The vulnerability exists in the password storage of Mobatek's MobaXterm below version 25.0. It was acknowledged and fixed by MobaXterm within a few weeks. We want to thank MobaXterm for their exemplary reaction to the vulnerability report.

We recommend manually re-encrypting all passwords that were stored by a vulnerable version of MobaXterm after upgrading to version 25.0 or later, since passwords saved before the upgrade remain stored under the weak scheme until they are written again.

CVSS Score
6.5 (CVSS v3.1)

CVSS Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Version
MobaXterm below 25.0

Fixed Version
25.0

Credits
cirosec GmbH

Timeline
