CVE-2021-31797 - Insufficient Entropy vulnerability in Cyberark Credential Provider

CVSS 5.1 - MEDIUM
Attack vector: LOCAL
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
CWE-331

Summary

The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure.

Vulnerable Configurations

Part | Description | Count
Application | Cyberark | 1

Common Weakness Enumeration (CWE)

  • CWE-331 - Insufficient Entropy

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.