CVE-2024-42012

MEDIUM

GRAU DATA Blocky <3.1 - Info Disclosure

Title source: llm

Description

GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate that local user.

References (2)

[Various Sources] https://www.graudata.com/en/products/protection-against-ransomware/blocky-for-veeam/

[Various Sources] https://www.blockyforveeam.com/en/security-bulletin-2024-06-25/

Scores

CVSS v3 5.7

EPSS 0.0004

EPSS Percentile 13.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-522

Status published

Published Jan 22, 2025

Tracked Since Feb 18, 2026