CNNVD-202602-442 Information
CNNVD ID
CNNVD-202602-442
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Rapid7 Nexpose是美国Rapid7公司的一套能够利用扫描结果深度探测网络的漏洞管理软件。该软件支持扫描配置环境的错误、漏洞、恶意软件等。 Rapid7 Nexpose 6.4.50及之后版本存在安全漏洞,该漏洞源于CredentialsKeyStorePassword.generateRandomPassword方法熵不足,生成弱密码,可能导致攻击者暴力破解并解密存储的凭据。
Description (English)
Rapid7 Nexpose is a leak management software for the United States company Rapid7 that can use scanning results to explore the network in depth. The software supports the scanning of errors, loopholes, malware, etc. in the configuration environment. There is a security loophole in Rapid7 Nexpose 6.4.50 et seq., which stems from the lack of a CredentialsKeyStorePassword.generateRandomPassword method, which generates weak passwords that could lead to violent deciphering and decryption of stored evidence by the attackers.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Rapid7
Published
2026-02-03
Last Modified
2026-02-24
References
https://www.atredis.com/disclosure https://access.redhat.com/security/cve/cve-2026-1814
Share on: