Static Password Vulnerability in Rapid7 Nexpose Keystore
CVE-2017-5230 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.
Learn more about our Api Penetration Testing.