3 matches found
CVE-2021-31796
CVE-2021-31796 affects CyberArk Credential Provider before v12.1, where an inadequate encryption scheme (AES-256-CBC with a custom key-derivation using environmental fields) can shrink the effective key space to as little as 2^36 in realistic scenarios, enabling potential information disclosure f...
CVE-2021-31798
The CVE-2021-31798 vulnerability affects CyberArk Credential Provider prior to version 12.1, where the local encryption key space for the cached data has insufficient entropy. The cache files (configuration_cache.dat and related) are encrypted with AES-CBC and a 256-bit key, but the key derivatio...
CVE-2021-31797
The CVE-2021-31797 issue affects CyberArk’s Credential Provider (prior to version 12.1). The vulnerability is a local race condition in the user-identification/loopback communication over TCP port 18923, which can lead to password disclosure. The exposed details indicate an inadequate synchroniza...