Sepppenner

**Name of the Vulnerable Software and Affected Versions** HaemmerElectronics.SeppPenner.WindowsHello versions prior to 1.0.4 **Description** The issue allows encrypted data to be potentially decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another executable could be able to decrypt the text using the static method `NCryptDecrypt` from this same library without the need to use Windows Hello Authentication again. **Recommendations** For versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `NCryptDecrypt` method to minimize the risk of exploitation.