4 matches found
Multiple Vulnerabilities Affecting Four Rapid7 Products
Today, we'd like to announce eight vulnerabilities that affect four Rapid7 products, as described in the table below. While all of these issues are relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding the...
Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Logsign Remote Command Injection', 'Description' = %q This module exploits an command injection vulnerability in Logsign. By exploiting this...
CVE-2017-5230
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk...
CVE-2017-5230
The CVE-2017-5230 issue affects Rapid7 Nexpose prior to version 6.4.50, where the Java keystore used for storing saved scan credentials is encrypted with a static, non-user-modifiable password: r@p1d7k3y5t0r3. If an attacker gains access to the keystore, they can decrypt all stored credentials u...