Wolfgang Neufeld

**Name of the Vulnerable Software and Affected Versions** GRAU DATA Blocky versions prior to 3.1 **Description** The issue arises because GRAU DATA Blocky stores passwords encrypted rather than hashed. When a user logs in, their password is compared to the decrypted cleartext password. This allows an attacker with Windows admin or debugging rights to steal the user's Blocky password and impersonate them locally. **Recommendations** For versions prior to 3.1, update to version 3.1 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

**Name of the Vulnerable Software and Affected Versions** GRAU DATA Blocky versions prior to 3.1 **Description** The issue is related to a Client-Side Enforcement of Server-Side Security vulnerability in Blocky-Gui. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of the program. **Recommendations** For versions prior to 3.1, update to version 3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the binary files to minimize the risk of exploitation. Additionally, limiting Windows administrative and debugging privileges can help reduce the attack surface.