PT-2020-12486 · Haemmerelectronics · Haemmerelectronics.Sepppenner.Windowshello

Sepppenner

Published 2020-04-14 · Updated 2020-04-22 · CVE-2020-11005

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

HaemmerElectronics.SeppPenner.WindowsHello versions prior to 1.0.4

Description

The issue potentially allows encrypted data to be decrypted without authentication. If the library is used to encrypt text and write the output to a txt file, another executable could decrypt the text using the static method NCryptDecrypt from this same library, without needing to perform Windows Hello authentication again.

Recommendations

For versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the NCryptDecrypt method to minimize the risk of exploitation.

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel

Use of a Broken Cryptographic Algorithm

Related Identifiers

CVE-2020-11005
GHSA-WVPV-FFCV-R6CW

Affected Products

Haemmerelectronics.Sepppenner.Windowshello