2025-01-22 00:00:00
mitre
PUBLISHED
GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the users password is compared to the users decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the users Blocky password and from there impersonate that local user.