Vulnerability in Keyfactor Ejbca
CVE-2024-36066
The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of…
EPSS: 0.002 (6.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 3.1 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Keyfactor Ejbca
- N/a — versions n/a
References
- cve@mitre.org (Technical Description)
- cve@mitre.org (Mitigation, Vendor Advisory)
Frequently asked questions
- What is CVE-2024-36066?
- CVE-2024-36066 is a low-severity vulnerability in Keyfactor Ejbca. CVSS score: 3.1/10. Published 2024-09-12.
- How severe is CVE-2024-36066?
- Low severity. CVSS v3 base score is 3.1 out of 10.