Mitigation Strategies

The primary immediate mitigation step is to upgrade Iperius Backup to version 8.7.4 or later, where the vulnerability has been fixed by integrating DPAPI for credential storage and adding folder hardening options.

Since the vulnerability requires local access and has high complexity, restricting local access to trusted users and systems can reduce risk.

Avoid using affected versions (up to 8.7.2) in production environments until the upgrade is applied.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability involves the use of a hard-coded cryptographic key in Iperius Backup, which allows offline recovery of stored credentials by attackers. This cryptographic weakness could potentially lead to unauthorized access to sensitive data.

Such unauthorized access risks could impact compliance with data protection regulations like GDPR and HIPAA, which require adequate protection of personal and sensitive information through strong encryption and access controls.

However, the exploit requires local access and is characterized by high complexity and difficult exploitability, which may limit the risk in some environments.

Upgrading to version 8.7.4, which includes fixes such as DPAPI integration for credential storage and folder hardening, is recommended to mitigate these risks and improve compliance posture.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-5310 is a vulnerability in Enter Software Iperius Backup up to version 8.7.2 involving the use of a hard-coded cryptographic key in the file IperiusAccounts.ini. This flaw allows attackers with local access to exploit the static encryption key used for credential storage, enabling offline recovery of stored credentials. The encryption scheme uses AES-256-CBC with a weak key derivation and initialization vector construction, making it possible to decrypt sensitive data. Additionally, there is a related privilege escalation issue through encrypted job file injection, allowing attackers to escalate privileges to NT AUTHORITY\SYSTEM.

The attack is complex and difficult to exploit, requiring local access, but proof-of-concept tools exist demonstrating the vulnerability. The vendor has released a fixed version (8.7.4) addressing these issues.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing an attacker with local access to recover all stored credentials offline due to the use of a hardcoded static encryption key. This compromises the confidentiality of sensitive information stored by Iperius Backup.

Furthermore, the vulnerability enables privilege escalation through injection of malicious encrypted job files, potentially granting attackers SYSTEM-level access on the affected machine.

Overall, this can lead to unauthorized access to backup credentials and elevated system privileges, increasing the risk of data breaches and system compromise.

Useful 0 Not Useful 0

Detection Guidance

Detection of this vulnerability involves analyzing the Iperius Backup credentials stored in the IperiusAccounts.ini file for the use of a hard-coded cryptographic key. Since the attack is local and complex, detection can be aided by using the provided proof-of-concept Python script that decrypts the credentials by reversing the proprietary encryption scheme.

You can use the Python script 'decrypt_iperius.py' from Resource 1 to attempt decryption of the stored credentials. This script accepts a base64-encoded ciphertext as input and outputs the decrypted plaintext, helping to confirm if the hard-coded key vulnerability is present.

No specific network commands are provided, as the vulnerability requires local access and is not exploitable remotely.

• Run the Python script with the encrypted credential string extracted from IperiusAccounts.ini to check if decryption is successful.
• Example command to run the script (assuming Python environment):
• python decrypt_iperius.py <base64_encrypted_string>

Useful 0 Not Useful 0