Release 2.5.172 PROD Update
On the 15th of February, we completed an update of Heimdal devices from 2.5.170RC to 2.5.190RC, including the production versions from 2.5.171 / 2.5.172 to 2.5.173.
More than 95% of the active machines are updated and we will continue to ensure that the rest are updated automatically.
We updated all the machines because of a vulnerability that was disclosed at the beginning of February.
Release 2.5.172, 2.5.171 PROD / 2.5.170RC
Details about the issue fixed:
We fixed a certificate validation vulnerability discovered in version 2.5.172 for Heimdal Thor Free, Thor Home and Thor Enterprise.
It was confirmed that version 2.5.172 did not correctly validate the TLS certificates needed when communicating with the host “coreservice.heimdalsecurity.net”, which would allow a highly skilled attacker with network access to see details such as hostname, hard drive serial number and motherboard serial number.
Because of the certificate validation flaw, an attacker could also alter the messages from the Heimdal servers and run custom scripts when Heimdal is installing software patches.
The patches are downloaded from a storage location that was also not secured by certificate validation. Although the files are encrypted, their integrity and authenticity are checked against an MD5 value supplied by the server, and an attacker could change that MD5 value so that it matches, thus having Heimdal execute malicious files.
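The two weaknesses described above, as an added Python example that is not Heimdal's code: a TLS context that skips certificate validation, and a patch check whose MD5 reference value arrives over the same channel as the file. Assumptions: all function names, the key and the sample bytes are constructed, and HMAC-SHA256 with a pre-shared key stands in for a vendor signature (a real updater would verify an asymmetric signature against a public key shipped with the client).

```python
import hashlib
import hmac
import ssl

def tls_context_problems(ctx: ssl.SSLContext) -> list:
    """List the settings that would let a forged server certificate through."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not verified")
    if not ctx.check_hostname:
        problems.append("hostname is not matched against the certificate")
    return problems

def unvalidated_context() -> ssl.SSLContext:
    """The weak configuration: encryption without server authentication."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def md5_from_channel_ok(payload: bytes, advertised_md5: str) -> bool:
    """Integrity check whose reference value arrives over the same channel."""
    return hashlib.md5(payload).hexdigest() == advertised_md5

def authenticated_ok(payload: bytes, tag: bytes, key: bytes) -> bool:
    """Check anchored in a secret the network cannot supply (HMAC stand-in)."""
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

# Constructed sample data, not real Heimdal patches or keys.
KEY = b"constructed-demo-key"
GENUINE = b"genuine patch bytes"
SUBSTITUTED = b"substituted patch bytes"

def demo() -> dict:
    # Whoever controls the channel controls both the file and its MD5.
    channel_md5 = hashlib.md5(SUBSTITUTED).hexdigest()
    genuine_tag = hmac.new(KEY, GENUINE, hashlib.sha256).digest()
    return {
        "weak_tls": tls_context_problems(unvalidated_context()),
        "default_tls": tls_context_problems(ssl.create_default_context()),
        "md5_accepts_substitute": md5_from_channel_ok(SUBSTITUTED, channel_md5),
        "hmac_accepts_substitute": authenticated_ok(SUBSTITUTED, genuine_tag, KEY),
        "hmac_accepts_genuine": authenticated_ok(GENUINE, genuine_tag, KEY),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

The MD5 comparison accepts the substituted file because its reference value came from the same untrusted channel; the keyed check rejects it because the tag cannot be recomputed without material the client already held.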
The full list of affected versions is 2.5.170RC, 2.5.171 and 2.5.172.
Thank you to Pen Test Partners LLP for bringing this to our attention.