2 matches found
CVE-2026-1814 Rapid7 Nexpose Insecure Java Keystore Password Generation
Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword method. When updating legacy keystore passwords, the application generates a new password with insufficient length 7-12 characters and a static prefix...
PT-2018-16936 · Legion Of The Bouncy Castle · Bouncy Castle
Name of the Vulnerable Software and Affected Versions: Bouncy Castle versions prior to 1.47 Description: The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. This issue applies to any BKS keystore generated pri...