Описание
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page (that can only be viewed by an administrator). While hidden from direct view, checking the page source would reveal the secret.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.6.0 (исключая)
cpe:2.3:a:primekey:ejbca:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 42%
0.00205
Низкий
2.2 Low
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 2.2
github
больше 3 лет назад
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page (that can only be viewed by an administrator). While hidden from direct view, checking the page source would reveal the secret.
EPSS
Процентиль: 42%
0.00205
Низкий
2.2 Low
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-200