CVE-2024-36066
The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for message integrity and authentication the...
CVE-2024-49201
Keyfactor Remote File Orchestrator aka remote-file-orchestrator 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level...
CVE-2024-49202
Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0...
CVE-2023-34196
In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates attributes and public keys to unauthenticated or less privileged users may...
CVE-2022-34831
An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one o...
EJBCA Injection Vulnerability
EJBCA is an open source Public Key Infrastructure PKI and Certificate Authority CA software from Keyfactor Open Source. An injection vulnerability exists in EJBCA version 8.0 that stems from a redirection attack that could result from modifying the Host header...
CVE-2024-49202
Keyfactor Command prior to v12.5.0 contains an Incorrect Access Control issue where access tokens have over-permissioned rights (64099). Reported across multiple sources, the vulnerability affects versions before 12.5.0 and fixes are provided in the following releases: 11.5.1.1, 11.5.2.1, 11.5.3....
CVE-2024-49201
CVE-2024-49201 affects Keyfactor Remote File Orchestrator (remote-file-orchestrator) before 2.8.1. The issue is information disclosure via debug logging, exposing sensitive data at logging level. Affected version range: 2.8 and earlier; fixed in 2.8.1 (per sources). Impact is information leakage;...
PT-2024-33344 · Keyfactor · Keyfactor Command
Name of the Vulnerable Software and Affected Versions: Keyfactor Command versions prior to 12.5.0 Description: The issue concerns incorrect access control where access tokens have more permissions than allowed. Recommendations: For versions prior to 12.5.0, update to one of the fixed versions:...
Keyfactor Command Security Vulnerability
Keyfactor Command is a PKI and machine identity automation application from Keyfactor. A security vulnerability exists in Keyfactor Command prior to version 12.5.0 that stems from the inclusion of an incorrect access control issue...