PT-2022-10543 · Unknown · Enc Datavault Oem +1

Boi Sletterink +1 · Published 2022-01-02 · Updated 2022-12-13 · CVE-2021-36751

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

ENC DataVault versions 7.2.3 and before
ENC DataVault OEM versions

Description

The product uses an encryption algorithm that is vulnerable to ciphertext malleability: an attacker can manipulate the encrypted data without knowing the key. Modifying the ciphertext produces corresponding modifications to the plaintext. There is no mechanism in place to ensure data integrity, so such manipulations cannot be detected.

Recommendations

For ENC DataVault versions 7.2.3 and before, consider disabling the use of the vulnerable encryption algorithm until a patch or update is available. For ENC DataVault OEM versions, restrict access to sensitive data stored with these versions to minimize the risk of exploitation. As a temporary workaround, avoid relying solely on the encryption provided by ENC DataVault for sensitive data, and consider additional security measures to protect against data manipulation.
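
The following added example (not code from ENC DataVault or from this advisory) shows why encryption without an integrity check cannot detect a modified ciphertext, and how an encrypt-then-MAC wrapper applied as an additional measure rejects it. The advisory does not name the algorithm or mode, so the hash-based XOR keystream, the keys, the nonce and the `quota=0100` record are all constructed assumptions.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy SHA-256 counter keystream: an assumed stand-in for an unauthenticated XOR-style mode.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Encryption and decryption are the same XOR operation; no integrity protection.
    return xor(data, keystream(key, nonce, len(data)))

def tamper(blob: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    # Models the manipulation in the description: a change made without the key.
    end = offset + len(old)
    return blob[:offset] + xor(blob[offset:end], xor(old, new)) + blob[end:]

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Encrypt-then-MAC: HMAC-SHA256 over nonce and ciphertext, with a separate MAC key.
    ct = encrypt(enc_key, nonce, data)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, blob: bytes) -> bytes:
    if len(blob) < 32:
        raise ValueError("blob too short")
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")  # reject before decrypting
    return encrypt(enc_key, nonce, ct)

def demo():
    enc_key, mac_key, nonce = b"E" * 32, b"M" * 32, b"N" * 12  # constructed values
    record = b"quota=0100"                                     # constructed record
    forged = tamper(encrypt(enc_key, nonce, record), 6, b"0100", b"9999")
    silent = encrypt(enc_key, nonce, forged)  # decrypts cleanly to altered data
    try:
        open_sealed(enc_key, mac_key, nonce,
                    tamper(seal(enc_key, mac_key, nonce, record), 6, b"0100", b"9999"))
        detected = False
    except ValueError:
        detected = True
    return silent, detected

if __name__ == "__main__":
    print(demo())
```

In production the same property comes from a vetted authenticated encryption mode rather than a hand-built construction like this one.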

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2021-36751

Affected Products

Enc Datavault
Enc Datavault Oem