PT-2021-22797 · Primekey · Primekey Ejbca
Published
2021-08-25
·
Updated
2024-03-06
·
CVE-2021-40087
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
PrimeKey EJBCA versions prior to 7.6.0
Description
An issue was discovered where modifications to enrollment secrets in the alias configurations of certain protocols were logged in cleartext in the audit log. This affects the use of protocols such as SCEP, CMP, or EST.
Recommendations
For versions prior to 7.6.0, update to version 7.6.0 or later to resolve the issue.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Primekey Ejbca