CVE-2021-31796

Published: Sep 2, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36.

Affected (1)

Products: Cyberark: Credential Provider

1 product

Credential Provider

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cyberark Credential Provider	Before 12.1

Related CWEs

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

References (8)

http://packetstormsecurity.com/files/164023/CyberArk-Credential-File-Insufficient-Effective-Key-Space.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2021/Sep/1

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://korelogic.com/Resources/Advisories/KL-001-2021-008.txt

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://www.cyberark.com/resources/blog

Source: cve@mitre.org

Product

http://packetstormsecurity.com/files/164023/CyberArk-Credential-File-Insufficient-Effective-Key-Space.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2021/Sep/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://korelogic.com/Resources/Advisories/KL-001-2021-008.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.cyberark.com/resources/blog

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.