CVE-2021-42138
low-risk
Published 2021-12-20
A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine.
Do I need to act?
-
0.19% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10
High
LOCAL
/ HIGH complexity
Affected Products (1)
Safenet Windows Logon Agent
Affected Vendors
References (6)
Vendor Advisory
https://cpl.thalesgroup.com/support/security-updates
Permissions Required
https://supportportal.gemalto.com/csm?sys_kb_id=a52bd13adbff7010f0e322080596194a...
Permissions Required
https://supportportal.gemalto.com/csm?sys_kb_id=e8397662dbb7fc10520c4705059619eb...
Vendor Advisory
https://cpl.thalesgroup.com/support/security-updates
Permissions Required
https://supportportal.gemalto.com/csm?sys_kb_id=a52bd13adbff7010f0e322080596194a...
Permissions Required
https://supportportal.gemalto.com/csm?sys_kb_id=e8397662dbb7fc10520c4705059619eb...
25
/ 100
low-risk
Severity
19/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal