← volver
CVE-2021-31796

CVE-2021-31796

EPSS 1.7%
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/164023/CyberArk-Credential-File-Insufficient-Effective-Key-Space.htmlhttp://seclists.org/fulldisclosure/2021/Sep/1https://korelogic.com/Resources/Advisories/KL-001-2021-008.txthttps://www.cyberark.com/resources/blog