Vulnerabilities > CVE-2021-42138 - Insufficient Entropy vulnerability in Thalesgroup Safenet Windows Logon Agent

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
thalesgroup
CWE-331
NVD
Published: 2021-12-20
Updated: 2024-11-21

Summary

A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine.

Vulnerable Configurations

Part Description Count
Application
Thalesgroup
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

References