CVE-2021-36750
Summary
| CVE | CVE-2021-36750 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-12-22 14:15:00 UTC |
| Updated | 2022-01-06 14:13:00 UTC |
| Description | ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names). |
Risk And Classification
Problem Types: CWE-307
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sandisk | Secureaccess | 3.02 | All | All | All |
| Application | Zendesk | Enc Datavault | All | All | All | All |
| Application | Zendesk | Enc Vaultapi | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Practical bruteforce of military grade AES-1024 :: Remote Rhein Ruhr Stage :: pretalx | MISC | pretalx.c3voc.de | |
| Update for ENC Software – ENC Security Help Center | MISC | encsecurity.zendesk.com | |
| WDC-21014 SanDisk SecureAccess Software Update | Western Digital | MISC | www.westerndigital.com | |
| ENCSecurity | MISC | www.encsecurity.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 376264 ENC DataVault Mishandle Key Derivation Vulnerability