Static Password Vulnerability in Rapid7 Nexpose Keystore

Static Password Vulnerability in Rapid7 Nexpose Keystore

CVE-2017-5230 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.

Learn more about our Api Penetration Testing.