Windows Docker Information Disclosure Vulnerability (CVE-2021-1645)

In 2020, we discovered a vulnerability in the Microsoft Docker implementation and reported it to Microsoft. Microsoft published updates for its Windows client and server versions addressing the vulnerability on January 12th 2021. They assigned CVE-2021-1645 to this vulnerability.

This issue leads to the disclosure of DP API encrypted information. It affects applications using DP API inside Docker containers on Microsoft Windows.

We will give users additional time to apply patches before disclosing further information.

Update 2021-03-16: Detailed blogpost and further information available here.