Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Prion
Prionadded 2021/09/02 1:15 a.m.9 views

Design/Logic Flaw

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...

1.9CVSS4.6AI score0.00113EPSS
Exploits0References4Affected Software1
CVE
CVEadded 2021/09/02 12:9 a.m.48 views

CVE-2021-31798

The CVE-2021-31798 vulnerability affects CyberArk Credential Provider prior to version 12.1, where the local encryption key space for the cached data has insufficient entropy. The cache files (configuration_cache.dat and related) are encrypted with AES-CBC and a 256-bit key, but the key derivatio...

4.4CVSS4.5AI score0.00113EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2021/09/02 12:9 a.m.12 views

CVE-2021-31798

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...

4.9AI score0.00113EPSS
Exploits0References4
CNNVD
CNNVDadded 2021/09/02 12:0 a.m.3 views

Cyberark Software CyberArk Credential Provider 安全特征问题漏洞

CyberArk Software Credential Provider is an installation credential provider program from CyberArk Software, Israel. A security feature issue vulnerability exists in CyberArk Credential Provider versions prior to 12.1, which stems from the use of low-level encryption for the valid key space used ...

4.4CVSS5.3AI score0.00113EPSS
Exploits0References7
NVD
NVDadded 2015/09/18 12:0 p.m.12 views

CVE-2015-5898

CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID...

2.1CVSS5AI score0.00041EPSS
Exploits0References6
Prion
Prionadded 2015/09/18 12:0 p.m.17 views

Information disclosure

CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID...

2.1CVSS5.4AI score0.00041EPSS
Exploits0References6Affected Software2
Cvelist
Cvelistadded 2015/09/18 10:0 a.m.21 views

CVE-2015-5898

CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID...

5AI score0.00041EPSS
Exploits0References6
CVE
CVEadded 2015/09/18 10:0 a.m.48 views

CVE-2015-5898

CVE-2015-5898 affects CFNetwork in Apple iOS before 9. The issue: CFNetwork caches data using a key protected only by the hardware UID, enabling physically proximate attackers to access cached information. The root cause is the cache encryption key being derived from the hardware UID alone. Impac...

2.1CVSS4.9AI score0.00041EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder