Описание
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer’s tenant and impersonate a user.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00619
Низкий
7.5 High
CVSS3
Дефекты
CWE-287
CWE-287
Связанные уязвимости
CVSS3: 7.5
github
больше 1 года назад
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer’s tenant and impersonate a user.
EPSS
Процентиль: 70%
0.00619
Низкий
7.5 High
CVSS3
Дефекты
CWE-287
CWE-287