PT-2017-16405 · Rapid7+1 · Rapid7 Nexpose+1

Published

2017-03-02

Updated

2017-08-15

CVE-2017-5230

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Rapid7 Nexpose versions prior to 6.4.50

Description The Java keystore in Rapid7 Nexpose uses a static, unmodifiable password for encryption, which may compromise the security of saved scan credentials stored in the keystore.

Recommendations For versions prior to 6.4.50, update to version 6.4.50 or later to address the issue with the static password used for the Java keystore encryption.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2017-5230

Affected Products

Java

Rapid7 Nexpose

PT-2017-16405 · Rapid7+1 · Rapid7 Nexpose+1

CVE-2017-5230

Weakness Enumeration

Related Identifiers

Affected Products

References · 5