QwikSec

Security Database

CVE

CWE

Training

CVE-2017-5230

Published: Mar 2, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.

Vendor	Product	Versions
Rapid7	Nexpose	affected `6.4.49 and prior`

References

https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.50

x_refsource_MISC

vdb-entry

x_refsource_BID

https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.