CVE-2021-31796

HIGH

CyberArk Credential Provider < 12.1 - Information Disclosure via Inadequate Encryption


Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-31796, a PoC published by unmanarc.

AI-analyzed exploit summary

This repository contains a functional exploit tool for CVE-2021-31796, which targets a cryptographic weakness in CyberArk's credential storage. The tool decrypts credential files encrypted with AES-256-CBC by enumerating the small set of candidate keys that results from predictable key derivation from the 'AdditionalInformation' field; the cipher itself is not broken, the effective key space is.

Description

An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36.
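To make the key-space figure concrete, here is an added Go example. It is not the CACredDecoder tool and it is not CyberArk's real CredFile format; it models a hypothetical scheme in which a 256-bit AES-CBC key is derived from a hostname, an OS user name and an 'AdditionalInformation' string stored in cleartext in the file, then recovers the plaintext by enumerating only the attacker's guesses for the unknown inputs. The work is the product of the guess-list sizes, which is why a bound like 2^36 on candidate keys, not AES-256's nominal 2^256, governs the attack. The field names, the derivation, the file layout and all sample values are assumptions for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math"
	"strings"
)

// KeyMaterial is a HYPOTHETICAL model of low-entropy key inputs, not CyberArk's real format.
type KeyMaterial struct {
	Hostname       string // guessable from DNS, logs, naming conventions
	OSUser         string // guessable from service-account conventions
	AdditionalInfo string // stored in cleartext in the file, so known to the attacker
}

// deriveKey yields a 256-bit AES key whose entropy is bounded by its inputs, not by 256 bits.
func deriveKey(km KeyMaterial) []byte {
	sum := sha256.Sum256([]byte(km.Hostname + "|" + km.OSUser + "|" + km.AdditionalInfo))
	return sum[:]
}

func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 {
		return nil, errors.New("empty")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || n > len(b) || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// encryptCredFile produces iv || AES-256-CBC(key, pkcs7(plaintext)) for the constructed sample.
func encryptCredFile(km KeyMaterial, plaintext string) []byte {
	block, _ := aes.NewCipher(deriveKey(km)) // 32-byte key from SHA-256: cannot fail
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	pt := pkcs7Pad([]byte(plaintext))
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return append(iv, ct...)
}

func decryptCredFile(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(blob) < 2*aes.BlockSize || len(blob)%aes.BlockSize != 0 {
		return nil, errors.New("bad key or blob length")
	}
	pt := make([]byte, len(blob)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, blob[:aes.BlockSize]).CryptBlocks(pt, blob[aes.BlockSize:])
	return pkcs7Unpad(pt)
}

// bruteForce tries every (hostname, user) guess with the AdditionalInfo read from the file.
// A hit needs valid padding AND the "Username=" marker, ruling out ~1/256 padding false positives.
func bruteForce(blob []byte, hostnames, users []string, additionalInfo string) (string, int, error) {
	trials := 0
	for _, h := range hostnames {
		for _, u := range users {
			trials++
			pt, err := decryptCredFile(deriveKey(KeyMaterial{h, u, additionalInfo}), blob)
			if err == nil && strings.HasPrefix(string(pt), "Username=") {
				return string(pt), trials, nil
			}
		}
	}
	return "", trials, errors.New("key not found in candidate space")
}

// effectiveKeyBits is log2 of the candidate count: the quantity the advisory bounds at 2^36.
func effectiveKeyBits(cardinalities ...int) float64 {
	total := 1.0
	for _, c := range cardinalities {
		total *= float64(c)
	}
	return math.Log2(total)
}

func main() {
	// Constructed sample, not a real CredFile: the defender's true inputs and the protected secret.
	truth := KeyMaterial{"APPSRV07", "svc_backup", "AdditionalInformation=CredFile"}
	blob := encryptCredFile(truth, "Username=svc_backup\nPassword=Tr0ub4dor&3\n")
	// Attacker's guess lists, plus the AdditionalInfo taken straight out of the file.
	hosts := []string{"APPSRV01", "APPSRV02", "APPSRV03", "APPSRV07"}
	users := []string{"Administrator", "svc_backup", "svc_sql"}
	pt, trials, err := bruteForce(blob, hosts, users, truth.AdditionalInfo)
	fmt.Printf("effective key space: 2^%.1f, not 2^256\n", effectiveKeyBits(len(hosts), len(users)))
	fmt.Printf("recovered after %d trials (err=%v):\n%s", trials, err, pt)
}
```

The loop structure is the whole attack: the cipher is irrelevant once every key input is either readable from the file or enumerable by the attacker. The CWE-327 remedy is to derive the key from at least one input with real entropy that is recoverable from neither the file nor the host's observable attributes; which inputs CyberArk changed in 12.1 is not stated on this page.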

Exploits (1)

nomisec · WORKING POC · 1 star
by unmanarc · poc
https://github.com/unmanarc/CACredDecoder


Classification: Working PoC (95%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: CyberArk Credential Provider (specific version not specified)
Authentication: none required
Prerequisites: Access to a CyberArk credential file (CredFile)
Analyzed by devstral-2 on Feb 18, 2026

References (4)

Product: https://www.cyberark.com/resources/blog
Mailing List, Third Party Advisory: http://seclists.org/fulldisclosure/2021/Sep/1
Mailing List, Third Party Advisory: https://korelogic.com/Resources/Advisories/KL-001-2021-008.txt

Scores

CVSS v3.1 base score: 7.5 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
EPSS: 0.0061 (0.61%)
EPSS percentile: 70.0%

Note that the exploit metadata above lists possession of a credential file as a prerequisite: the published vector scores network reachability, but in practice an attacker must first obtain read access to the CredFile before the key-space attack applies.

Details

CWE: CWE-327 (Use of a Broken or Risky Cryptographic Algorithm)
Status: published
Products (1): cyberark/credential_provider < 12.1
Published: Sep 02, 2021
Tracked since: Feb 18, 2026