← back
CVE-2021-31796

CVE-2021-31796

EPSS 1.7%
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/164023/CyberArk-Credential-File-Insufficient-Effective-Key-Space.htmlhttp://seclists.org/fulldisclosure/2021/Sep/1https://korelogic.com/Resources/Advisories/KL-001-2021-008.txthttps://www.cyberark.com/resources/blog