CVE-2021-42138 : Security Advisory and Response
Discover a high severity vulnerability (CVE-2021-42138) in Safenet Authentication Service by Thales CPL, allowing unauthorized access to encrypted credentials. Learn about impact, affected systems, exploitation mechanism, and mitigation steps.
A vulnerability has been identified in Safenet Authentication Service by Thales CPL, affecting versions up to 3.4.4 on the Windows Logon Agent, allowing users to exploit weak entropy to access encrypted credentials.
Understanding CVE-2021-42138
What is CVE-2021-42138?
A user protected by SafeNet Agent for Windows Logon can exploit weak entropy to retrieve encrypted credentials from other users on the same machine.
The Impact of CVE-2021-42138
The vulnerability poses a high severity threat with impacts on confidentiality and integrity.
Technical Details of CVE-2021-42138
Vulnerability Description
The flaw enables unauthorized access to encrypted user credentials.
Affected Systems and Versions
- Product: Safenet Authentication Service
- Vendor: Thales CPL
- Versions affected: < 3.4.4
- Windows Logon Agent
Exploitation Mechanism
Weak entropy allows users to access encrypted credentials of fellow users on the machine.
Mitigation and Prevention
Immediate Steps to Take
- Implement the provided security updates promptly.
- Monitor for any unauthorized access or credential misuse.
- Consider limiting user privileges to minimize potential harm.
Long-Term Security Practices
- Regularly review and update security configurations.
- Provide security awareness training to users to prevent exploitation of vulnerabilities.
- Conduct periodic security assessments to detect and mitigate similar risks.
Patching and Updates
- Thales CPL has released security updates to address the vulnerability.