Описание
ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other applications, mishandles key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names).
ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other applications, mishandles key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names).
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-36750
- https://encsecurity.zendesk.com/hc/en-us/articles/4413283717265-Update-for-ENC-Software
- https://pretalx.c3voc.de/rc3-2021-r3s/talk/QMYGR3
- https://www.encsecurity.com/solutions.php
- https://www.westerndigital.com/en-ap/support/product-security/wdc-21014-sandisk-secureaccess-software-update
Связанные уязвимости
CVSS3: 8.1
nvd
около 4 лет назад
ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names).