CVE-2024-25825
Published 2024-10-09
Priority: P261 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.52% (40.1th percentile)
FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password.
Detection & IOCs (extracted from sources)
- The root user's entry in /etc/shadow contains a wildcard character, allowing authentication with any password or no password at all. Inspect /etc/shadow for a wildcard ('*' replaced by a permissive value) in the root account's password field.
- Affected versions are FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114. Presence of these versions combined with root login without a password is a strong indicator of exploitation.
- The misconfiguration is in /etc/shadow, where the root account's password hash field is set to a wildcard, enabling passwordless or any-password root login. This is classified as CWE-258 (Empty Password in Configuration File).
- Fyde was reportedly already aware of the vulnerability prior to disclosure, raising concern about whether the misconfiguration was intentional. Investigation concluded a nation-state actor was unlikely responsible.
No detection rules found.
No public exploits indexed.