EUVD-2021-18679

Malware in sbrugna...

CVE-2021-31796

An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys for a credential file is only one, and the number is usually not higher than 2^3...

CVE-2021-31797

The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure...

CVE-2021-31798

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...

CVE-2021-31796

An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys for a credential file is only one, and the number is usually not higher than 2^3...

Design/Logic Flaw

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...

CVE-2021-31798

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...

Cyberark Software CyberArk Credential Provider 安全特征问题漏洞

CyberArk Software Credential Provider is an installation credential provider program from CyberArk Software, Israel. A security feature issue vulnerability exists in CyberArk Credential Provider versions prior to 12.1, which stems from the use of low-level encryption for the valid key space used ...

Cyberark Software CyberArk Credential Provider 加密问题漏洞

Cyberark Software CyberArk Credential Provider is an installation credential provider program from CyberArk Software Cyberark Software, Israel. CyberArk Software CyberArk Credential Provider prior to version 12.1 has an encryption issue vulnerability that stems from an inadequate encryption metho...

CVE-2021-31797

The CVE-2021-31797 issue affects CyberArk’s Credential Provider (prior to version 12.1). The vulnerability is a local race condition in the user-identification/loopback communication over TCP port 18923, which can lead to password disclosure. The exposed details indicate an inadequate synchroniza...

Cyberark Software CyberArk Credential Provider 安全特征问题漏洞

CyberArk Software Credential Provider is an installation credential provider program from CyberArk Software, an Israeli company. CyberArk Credential Provider suffers from a security signature issue vulnerability that stems from the vulnerability of the user identification mechanism used prior to...

PT-2021-19514 · Cyberark · Cyberark Credential Provider

Name of the Vulnerable Software and Affected Versions: CyberArk Credential Provider versions prior to 12.1 Description: The user identification mechanism used by CyberArk Credential Provider is susceptible to a local host race condition, leading to password disclosure. Recommendations: For versio...