Vulnerability Description
A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine.
CVSS Score
7.2
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thalesgroup | Safenet Windows Logon Agent | < 3.4.4 |
Related Weaknesses (CWE)
References
- https://cpl.thalesgroup.com/support/security-updatesVendor Advisory
- https://supportportal.gemalto.com/csm?sys_kb_id=a52bd13adbff7010f0e322080596194aPermissions Required
- https://supportportal.gemalto.com/csm?sys_kb_id=e8397662dbb7fc10520c4705059619ebPermissions Required
- https://cpl.thalesgroup.com/support/security-updatesVendor Advisory
- https://supportportal.gemalto.com/csm?sys_kb_id=a52bd13adbff7010f0e322080596194aPermissions Required
- https://supportportal.gemalto.com/csm?sys_kb_id=e8397662dbb7fc10520c4705059619ebPermissions Required
FAQ
What is CVE-2021-42138?
CVE-2021-42138 is a vulnerability with a CVSS score of 7.2 (HIGH). A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine.
How severe is CVE-2021-42138?
CVE-2021-42138 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42138?
Check the references section above for vendor advisories and patch information. Affected products include: Thalesgroup Safenet Windows Logon Agent.