First published: Mon Dec 20 2021(Updated: )
A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine.
Credit: psirt@thalesgroup.com psirt@thalesgroup.com
Affected Software | Affected Version | How to fix |
---|---|---|
Thalesgroup Safenet Windows Logon Agent | <3.4.4 | |
<3.4.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-42138 is a vulnerability in SafeNet Agent for Windows Logon that allows a user to access the encrypted credentials of other users on the machine.
CVE-2021-42138 leverages weak entropy to exploit the vulnerability in SafeNet Agent for Windows Logon and gain unauthorized access to encrypted credentials.
CVE-2021-42138 has a severity rating of high (6.5).
SafeNet Agent for Windows Logon versions up to 3.4.4 are affected by CVE-2021-42138.
To fix CVE-2021-42138, it is recommended to upgrade SafeNet Agent for Windows Logon to a version beyond 3.4.4.