Pasquale "sid" Fiorillo found a critical vulnerability in QNAP QTS allowing the recovery of the Domain Admin password. Such password is "encrypted" with XOR and the key is a single byte! Any web application or extraneous software running in your QNAP system can access such configuration file and jeopardize your entire network if the NAS uses domain authentication for it's users.