CVE-2024-42012

Name of the Vulnerable Software and Affected Versions GRAU DATA Blocky versions prior to 3.1

Description The issue arises because GRAU DATA Blocky stores passwords encrypted rather than hashed. When a user logs in, their password is compared to the decrypted cleartext password. This allows an attacker with Windows admin or debugging rights to steal the user's Blocky password and impersonate them locally.

Recommendations For versions prior to 3.1, update to version 3.1 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.