CVE-2021-40086

An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page (that can only be viewed by an administrator). While hidden from direct view, checking the page source would reveal the secret.
References
Link Resource
https://support.primekey.com/news/posts/52 Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:primekey:ejbca:*:*:*:*:enterprise:*:*:*

Information

Published : 2021-08-24 19:15

Updated : 2022-07-12 10:42


NVD link : CVE-2021-40086

Mitre link : CVE-2021-40086


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

primekey

  • ejbca