The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of ‘r@p1d7k3y5t0r3’ which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.
[
{
"product": "Nexpose",
"vendor": "Rapid7",
"versions": [
{
"status": "affected",
"version": "6.4.49 and prior"
}
]
}
]