Описание
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.
Ссылки
- MitigationVendor Advisory
- MitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.4.23 (включая)
cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00444
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.
EPSS
Процентиль: 63%
0.00444
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-798