The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack.
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG’s algorithm is not cryptographically strong.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ts-239_pro_firmware | Qnap | 2.1.7-build0613 (including) | 2.1.7-build0613 (including) |
| Ts-239_pro_firmware | Qnap | 3.1.0-build0627 (including) | 3.1.0-build0627 (including) |
| Ts-239_pro_firmware | Qnap | 3.1.1-build0815 (including) | 3.1.1-build0815 (including) |
When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks. Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms that use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography.