<ciso brief/>
Tag Banner

All news with #centrestack tag

all tags →

Thu, December 11, 2025

Hard-coded Gladinet Keys Enable Active Exploitation

#Security Advisory #Patch #Active Exploitation #Hardcoded Secrets #Insecure Deserialization #Key Leakage #Gladinet #CentreStack

🔐 Huntress warns that hard-coded cryptographic keys in Gladinet CentreStack and Triofox allow attackers to decrypt or forge access tickets, exposing sensitive files such as web.config. The flaw stems from a function that returns the same 100-byte strings to derive persistent keys, enabling indefinite reuse of crafted URLs to download server configuration. Organisations should update to version 16.12.10420.56791 and rotate machine keys immediately.

read more →