CVE-2017-5230
N/A
N/A
Summary
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rapid7 | Nexpose | 6.4.49 and prior | affected |
Weaknesses
- Hard-Coded Password
ADP Enrichment
CVE Program Container
Additional References
- https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.50
- http://www.securityfocus.com/bid/96956
- https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products
References
- https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.50
- http://www.securityfocus.com/bid/96956
- https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.