
CVE-2021-31798 – CyberArk Credential Provider Local Cache Decryption
https://notcve.org/view.php?id=CVE-2021-31798
02 Sep 2021 — The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files. CyberArk Credential Providers can be configure... • http://packetstormsecurity.com/files/164035/CyberArk-Credential-Provider-Local-Cache-Decryption.html • CWE-331: Insufficient Entropy

CVE-2021-31796 – CyberArk Credential File Insufficient Effective Key Space
https://notcve.org/view.php?id=CVE-2021-31796
02 Sep 2021 — An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36. • https://github.com/unmanarc/CACredDecoder • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVE-2021-31797 – CyberArk Credential Provider Race Condition / Authorization Bypass
https://notcve.org/view.php?id=CVE-2021-31797
01 Sep 2021 — The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure. CyberArk's Credential Provider loopback communications on TCP port 18923 are encrypted with key material that has extremely low entropy... • https://packetstorm.news/files/id/164033 • CWE-331: Insufficient Entropy • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')