Vulnerability Details : CVE-2021-42138
A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine.
Exploit prediction scoring system (EPSS) score for CVE-2021-42138
Probability of exploitation activity in the next 30 days: 0.11%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 44 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2021-42138
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
3.5
|
LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
6.8
|
2.9
|
[email protected] |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
[email protected] |
|
7.2
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N |
0.8
|
5.8
|
[email protected] |
CWE ids for CVE-2021-42138
-
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.Assigned by: [email protected] (Primary)
References for CVE-2021-42138
-
https://cpl.thalesgroup.com/support/security-updates
Vendor Advisory
-
https://supportportal.gemalto.com/csm?sys_kb_id=e8397662dbb7fc10520c4705059619eb&id=kb_article_view&sysparm_rank=2&sysparm_tsqueryId=b3bdd932db33b010f0e3220805961955
Permissions Required
-
https://supportportal.gemalto.com/csm?sys_kb_id=a52bd13adbff7010f0e322080596194a&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=b3bdd932db33b010f0e3220805961955
Permissions Required
Products affected by CVE-2021-42138
- cpe:2.3:a:thalesgroup:safenet_windows_logon_agent:*:*:*:*:*:*:*:*