3 matches found
CVE-2021-31796
CVE-2021-31796 affects CyberArk Credential Provider before v12.1, where an inadequate encryption scheme (AES-256-CBC with a custom key-derivation using environmental fields) can shrink the effective key space to as little as 2^36 in realistic scenarios, enabling potential information disclosure f...
CyberArk Credential File Insufficient Effective Key Space
Vulnerability Details Affected Vendor: CyberArk Affected Product: Application Access Manager/Credential Provider Affected Version: Prior to 12.1 Platform: Linux/Windows/zOS CWE Classification: CWE-326: Inadequate Encryption Strength CVE ID: CVE-2021-31796 2. Vulnerability Description CyberArk...
Exploit for Use of a Broken or Risky Cryptographic Algorithm in Cyberark Credential_Provider
C-Ark Credential Decoder Exploit tool for CVE-2021-31796...