CVE-2021-36750

Sažetak

ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names).

Reference

https://www.encsecurity.com/solutions.php
https://encsecurity.zendesk.com/hc/en-us/articles/4413283717265-Update-for-ENC-Software
https://www.westerndigital.com/en-ap/support/product-security/wdc-21014-sandisk-secureaccess-software-update
https://pretalx.c3voc.de/rc3-2021-r3s/talk/QMYGR3/

CVSS

Base:	5.5
Impact:	4.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:N

Zadnje važnije ažuriranje

06-01-2022 - 14:13

Objavljeno

22-12-2021 - 14:15