Vulnerability Details : CVE-2021-36750
ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names).
Products affected by CVE-2021-36750
- cpe:2.3:a:sandisk:secureaccess:3.02:*:*:*:*:*:*:*
- cpe:2.3:a:zendesk:enc_datavault:*:*:*:*:*:*:*:*
- cpe:2.3:a:zendesk:enc_vaultapi:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-36750
- 0.16%: Probability of exploitation activity in the next 30 days
- ~52%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-36750
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N | 8.0 | 4.9 | NIST | |
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 | NIST | |
CWE ids for CVE-2021-36750
- The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-36750
- https://pretalx.c3voc.de/rc3-2021-r3s/talk/QMYGR3/
  Practical bruteforce of military grade AES-1024 :: Remote Rhein Ruhr Stage :: pretalx (Third Party Advisory)
- https://encsecurity.zendesk.com/hc/en-us/articles/4413283717265-Update-for-ENC-Software
  Security check (Vendor Advisory)
- https://www.westerndigital.com/en-ap/support/product-security/wdc-21014-sandisk-secureaccess-software-update
  WDC-21014 SanDisk SecureAccess Software Update | Western Digital (Third Party Advisory)
- https://www.encsecurity.com/solutions.php
  ENCSecurity (Product)