Vulnerability in Keyfactor Ejbca

CVE-2024-36066

The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of…

EPSS: 0.002 (6.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.1 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

References

Frequently asked questions

What is CVE-2024-36066?
CVE-2024-36066 is a low-severity vulnerability in Keyfactor Ejbca. CVSS score: 3.1/10. Published 2024-09-12.
How severe is CVE-2024-36066?
Low severity. CVSS v3 base score is 3.1 out of 10.