CVE-2020-11005

Internal NCryptDecrypt method could be used externally from WindowsHello library.

CVSS 5.1 MEDIUMEPSS 0.2%CWE-288

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 Apr 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another executable could be able to decrypt the text using the static method NCryptDecrypt from this same library without the need to use Windows Hello Authentication again. This has been patched in version 1.0.4.

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

SeppPenner · WindowsHello

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/SeppPenner/WindowsHello/issues/3 https://github.com/SeppPenner/WindowsHello/security/advisories/GHSA-wvpv-ffcv-r6cw