2 matches found
CVE-2021-40086
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...
CVE-2021-40086
PrimeKey EJBCA before 7.6.0 exposes the enrollment secret for SCEP, CMP, EST, and Auto-enrollment on an administrator-viewable page; the secret is recoverable via page source inspection. Affected: versions prior to 7.6.0. Impact: potential leakage of enrollment configuration secrets. Root cause: ...