Executive Summary

A weakness exists in the way Netwrix Endpoint Protector’s Enforced Encryption module derives as encryption key based on a user-supplied password. Due to insufficient computatational complexity in this process, an attacker with access to an encrypted USB device could potentially gain access to the encrypted content by performing a brute-force attack on the user’s password.

Vulnerability

Exploitability

Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgments about urgency and priority; customers should use the information below in making those decisions.

Solution

All Netwrix Endpoint Protector customers are advised to update Endpoint Protector to version 5.9.4.2 or later as soon as possible by following the instructions referenced in the section What’s New in Endpoint Protector 5.9.4.2.

Please contact the Netwrix technical support team should you need assistance.

Official Fixes

Updated software has been released containing official fixes for all listed vulnerabilities as indicated in the table below.

FAQ

1. How do I determine the version of Netwrix Endpoint Protector is in use?

   Please refer to this knowledge base article.

Revisions

Updates to this advisory may be made as necessary. Information about each change will be published in the table below.

Disclaimer

The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory are at your own risk.

An update was made to this advisory.