CVE-2021-42138
First published: Mon Dec 20 2021(Updated: )
A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine.
Credit: psirt@thalesgroup.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thalesgroup Safenet Windows Logon Agent | <3.4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://cpl.thalesgroup.com/support/security-updates
- https://supportportal.gemalto.com/csm?sys_kb_id=a52bd13adbff7010f0e322080596194a&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=b3bdd932db33b010f0e3220805961955
- https://supportportal.gemalto.com/csm?sys_kb_id=e8397662dbb7fc10520c4705059619eb&id=kb_article_view&sysparm_rank=2&sysparm_tsqueryId=b3bdd932db33b010f0e3220805961955
Frequently Asked Questions
What is CVE-2021-42138?
CVE-2021-42138 is a vulnerability in SafeNet Agent for Windows Logon that allows a user to access the encrypted credentials of other users on the machine.
How does CVE-2021-42138 work?
CVE-2021-42138 leverages weak entropy to exploit the vulnerability in SafeNet Agent for Windows Logon and gain unauthorized access to encrypted credentials.
What is the severity of CVE-2021-42138?
CVE-2021-42138 has a severity rating of high (6.5).
Which software version is affected by CVE-2021-42138?
SafeNet Agent for Windows Logon versions up to 3.4.4 are affected by CVE-2021-42138.
How can I fix CVE-2021-42138?
To fix CVE-2021-42138, it is recommended to upgrade SafeNet Agent for Windows Logon to a version beyond 3.4.4.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/thalesgroup
- canonical/thalesgroup safenet windows logon agent