← Zuruck zu CVEs
CVE-2026-1814
N/ABeschreibung
Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword() method. When updating legacy keystore passwords, the application generates a new password with insufficient length (7-12 characters) and a static prefix 'p', resulting in a weak keyspace. An attacker with access to the nsc.ks file can brute-force this password using consumer-grade hardware to decrypt stored credentials.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht2/3/2026
Zuletzt geandert2/9/2026
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-331
Referenzen
https://www.atredis.com/disclosure(cve@rapid7.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.