CVE-2021-31796
https://notcve.org/view.php?id=CVE-2021-31796
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36.

• http://packetstormsecurity.com/files/164023/CyberArk-Credential-File-Insufficient-Effective-Key-Space.html
• http://seclists.org/fulldisclosure/2021/Sep/1
• https://korelogic.com/Resources/Advisories/KL-001-2021-008.txt
• https://www.cyberark.com/resources/blog
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-31798
https://notcve.org/view.php?id=CVE-2021-31798
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files.

• http://packetstormsecurity.com/files/164035/CyberArk-Credential-Provider-Local-Cache-Decryption.html
• http://seclists.org/fulldisclosure/2021/Sep/3
• https://korelogic.com/Resources/Advisories/KL-001-2021-010.txt
• https://www.cyberark.com/resources/blog
• CWE-331: Insufficient Entropy
CVE-2021-31797 – CyberArk Credential Provider Race Condition / Authorization Bypass
https://notcve.org/view.php?id=CVE-2021-31797
The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure.

CyberArk's Credential Provider loopback communications on TCP port 18923 are encrypted with key material that has extremely low entropy. In all currently-known use cases, the effective key space is less than 2^16. For an attacker who understands the key derivation scheme and encryption mechanics, knowledge of the source port and access to the payloads of a given client-server exchange are sufficient to reduce the effective key space to one. In cases where the source port is not known, the encrypted payloads will be unable to withstand a brute force attack.

• http://packetstormsecurity.com/files/164033/CyberArk-Credential-Provider-Race-Condition-Authorization-Bypass.html
• http://seclists.org/fulldisclosure/2021/Sep/2
• https://korelogic.com/Resources/Advisories/KL-001-2021-009.txt
• https://www.cyberark.com/resources/blog
• CWE-331: Insufficient Entropy
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
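The three entries above share one root cause: the only unknown feeding the key derivation is a small value (a 16-bit source port for the loopback channel, at most 2^36 possibilities for a credential file), so an attacker who has a ciphertext and knows how the key is derived can enumerate every candidate. The block below is an added illustration written for this page, not CyberArk's code or the KoreLogic proof of concept; it does not reproduce the real derivation scheme. It uses a hypothetical stand-in KDF (`toy_kdf`) and a toy SHA-256 XOR stream cipher, with a constructed sample message, to show (a) that once the source port is known the key space collapses to one candidate, (b) that with the port unknown a known-plaintext check recovers it from 2^16 candidates in well under a second on commodity hardware, and (c) how to extrapolate that measured rate to the 2^36 credential-file bound.

```python
import hashlib
import time
from typing import Optional, Tuple

# Constructed sample exchange; the protocol header is an assumption, not the
# real Credential Provider wire format. A known or guessable prefix is all the
# brute-force needs to distinguish the right key from the wrong ones.
KNOWN_HEADER = b"CPREQ/1.0 GetPassword "
SAMPLE_MESSAGE = KNOWN_HEADER + b"AppID=BillingSvc Safe=Prod Object=db-admin"

PORT_SPACE_BITS = 16          # TCP source port: 2^16 candidates at most
CRED_FILE_SPACE_BITS = 36     # upper bound quoted for a credential file


def toy_kdf(port: int, fixed_material: bytes = b"toy-fixed-material") -> bytes:
    """Hypothetical stand-in KDF: every input except the 16-bit port is fixed,
    so the key has at most 16 bits of entropy no matter how long the digest is."""
    return hashlib.sha256(fixed_material + port.to_bytes(2, "big")).digest()


def _keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from SHA-256 (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation for an XOR stream cipher)."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def decrypt_with_known_port(ciphertext: bytes, port: int) -> bytes:
    """Case (a): the source port is known, so exactly one key is possible."""
    return xor_crypt(toy_kdf(port), ciphertext)


def brute_force_port(ciphertext: bytes, known_prefix: bytes) -> Optional[int]:
    """Case (b): enumerate all 2^16 ports and accept the first candidate whose
    decryption of the leading bytes matches the known plaintext prefix.
    With a prefix this long, a false match is astronomically unlikely."""
    head = ciphertext[:len(known_prefix)]
    for port in range(1 << PORT_SPACE_BITS):
        if xor_crypt(toy_kdf(port), head) == known_prefix:
            return port
    return None


def measure_brute_force(port: int) -> Tuple[Optional[int], float, float]:
    """Encrypt the sample message under `port`, recover the port by brute force,
    and return (recovered_port, elapsed_seconds, keys_tried_per_second)."""
    ciphertext = xor_crypt(toy_kdf(port), SAMPLE_MESSAGE)
    start = time.perf_counter()
    recovered = brute_force_port(ciphertext, KNOWN_HEADER)
    elapsed = time.perf_counter() - start
    tried = (recovered if recovered is not None else (1 << PORT_SPACE_BITS)) + 1
    return recovered, elapsed, tried / max(elapsed, 1e-9)


def seconds_to_exhaust(space_bits: int, keys_per_second: float) -> float:
    """Case (c): worst-case time to try every key in a 2^space_bits space."""
    return (1 << space_bits) / keys_per_second


if __name__ == "__main__":
    port = 54321
    recovered, elapsed, rate = measure_brute_force(port)
    print(f"recovered port {recovered} in {elapsed:.3f}s ({rate:,.0f} keys/s)")
    print("plaintext:", decrypt_with_known_port(
        xor_crypt(toy_kdf(port), SAMPLE_MESSAGE), port).decode())
    print(f"2^{CRED_FILE_SPACE_BITS} keys at that rate: "
          f"{seconds_to_exhaust(CRED_FILE_SPACE_BITS, rate) / 3600:.1f} hours")
```

The point to take from the extrapolation is that the rate printed here comes from unoptimised Python doing two SHA-256 calls per candidate; a native or GPU implementation of the real scheme would be orders of magnitude faster, which is why a 2^36 bound is still far short of what a credential file needs. The fix in 12.1 is the vendor's; the general remedy is to derive keys from genuinely secret, high-entropy material rather than from values such as ports or host attributes that a local attacker can observe or enumerate.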