CVE-2025-13532

Summary

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms.  This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain.

Affected Software

VendorProductVersion RangeStatus
FortraCore Privileged Access Manager (BoKS)This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain. The affected platforms are: Debian 11, 12, 13, RedHat 9, 10 and Ubuntu 24.affected

Weaknesses

  • CWE-916: CWE-916 Use of Password Hash With Insufficient Computational Effort

Workarounds

Configure the OS to use SHA512 rather than yescrypt.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References