VYPR
High severity7.2NVD Advisory· Published Mar 2, 2017· Updated Jun 17, 2026

CVE-2017-5230

CVE-2017-5230

Description

The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk.

Affected products

3
  • Rapid7/Nexpose3 versions
    cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*range: <=6.4.23
    • (no CPE)range: <6.4.50
    • (no CPE)range: 6.4.49 and prior

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.