Weak Password Encryption in Sonatype Nexus Repository Manager LDAP Integration
CVE-2017-17717

9.8CRITICAL

Key Information:

Vendor: Sonatype
Status: Nexus Repository Manager
Vendor: CVE Published:; 3 October 2022

What is CVE-2017-17717?

The Sonatype Nexus Repository Manager, specifically versions up to 2.14.5, is susceptible to a security issue stemming from weak password encryption in its LDAP integration feature. The integration utilizes a hardcoded CMMDwoV value, which undermines the strength of user password protection, potentially allowing unauthorized access to sensitive information stored within the repository. It is crucial for users of affected versions to evaluate their security posture and implement necessary mitigations to protect against exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://openwall.com/lists/oss-security/2017/12/17/3

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2022
Vulnerability Reserved
Oct 3, 2022

JSON

Sonatype

What is CVE-2017-17717?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.