• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RaidSonic NAS-4220-B Encryption Key Disclosure Vulnerability

RaidSonic NAS-4220-B is prone to a vulnerability that can compromise encrypted data. This issue occurs because the key used by the device to encrypt hard-drive data is stored insecurely in the configuration partitions of each drive.

Attackers with physical access to the NAS can exploit this issue to decrypt potentially sensitive information stored on the hard disks.

This issue affects NAS-4220-B running firmware 2.6.0-n(2007-10-11). Other devices and firmware versions may also be affected.