Описание
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36.
Ссылки
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Product
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 12.1 (исключая)
cpe:2.3:a:cyberark:credential_provider:*:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00609
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-327
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36.
EPSS
Процентиль: 69%
0.00609
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-327