CVE-2021-36751 Information

Description

ENC DataVault 7.1.1W uses an inappropriate encryption algorithm such that an attacker (who does not know the secret key) can make ciphertext modifications that are reflected in modified plaintext. There is no data integrity mechanism. (This behavior occurs across USB drives sold under multiple brand names.)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Reference

https://pretalx.c3voc.de/rc3-2021-r3s/talk/QMYGR3/ https://encsecurity.zendesk.com/hc/en-us/articles/4413283717265-Update-for-ENC-Software

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

NONE

Base Severity

9.1