CVE-2021-36750

high

Description

ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names).

References

Advisories
More

https://www.westerndigital.com/en-ap/support/product-security/wdc-21014-sandisk-secureaccess-software-update

https://pretalx.c3voc.de/rc3-2021-r3s/talk/QMYGR3/

https://www.encsecurity.com/solutions.php

https://encsecurity.zendesk.com/hc/en-us/articles/4413283717265-Update-for-ENC-Software

Details

Source: Mitre, NVD

Published: 2021-12-22

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.19701

Detections

Analytics