4 matches found
Information Disclosure
HaemmerElectronics.SeppPenner.WindowsHello is vulnerable to information disclosure. Text encrypted using the package that is written to a file can be decrypted by another executable by using the static method NCryptDecrypt from the same library...
GHSA-WVPV-FFCV-R6CW Internal NCryptDecrypt method could be used externally from WindowsHello library.
Impact Every user of the library before version 1.0.4. Patches Patched in 1.0.4+. Workarounds None. References https://github.com/SeppPenner/WindowsHello/issues/3 For more information It this library is used to encrypt text and write the output to a txt file, another executable could be able to...
Internal NCryptDecrypt method could be used externally from WindowsHello library.
Impact Every user of the library before version 1.0.4. Patches Patched in 1.0.4+. Workarounds None. References https://github.com/SeppPenner/WindowsHello/issues/3 For more information It this library is used to encrypt text and write the output to a txt file, another executable could be able to...
CVE-2020-11005 Internal NCryptDecrypt method could be used externally from WindowsHello library.
The WindowsHello open source library NuGet HaemmerElectronics.SeppPenner.WindowsHello, before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another...