3 matches found
CVE-2021-31798
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...
CVE-2021-31798
The CVE-2021-31798 vulnerability affects CyberArk Credential Provider prior to version 12.1, where the local encryption key space for the cached data has insufficient entropy. The cache files (configuration_cache.dat and related) are encrypted with AES-CBC and a 256-bit key, but the key derivatio...
CyberArk Credential Provider Local Cache Can Be Decrypted
Vulnerability Details Affected Vendor: CyberArk Affected Product: Application Access Manager/Credential Provider Affected Version: Prior to 12.1 Platform: Linux/Windows/zOS CWE Classification: CWE-326: Inadequate Encryption Strength CVE ID: CVE-2021-31798 2. Vulnerability Description CyberArk...