High severity7.5NVD Advisory· Published Sep 2, 2021· Updated Jun 17, 2026
CVE-2021-31796
CVE-2021-31796
Description
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- CyberArk/Credential Providerdescription
- Range: <12.1
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/164023/CyberArk-Credential-File-Insufficient-Effective-Key-Space.htmlnvdThird Party AdvisoryVDB Entry
- seclists.org/fulldisclosure/2021/Sep/1nvdMailing ListThird Party Advisory
- korelogic.com/Resources/Advisories/KL-001-2021-008.txtnvdMailing ListThird Party Advisory
- www.cyberark.com/resources/blognvdProduct
News mentions
0No linked articles in our index yet.