Insufficient Salt Length in KeyFactor EJBCA CMP CLI Client
CVE-2024-36066

3.1LOW

Key Information:

Vendor: Keyfactor
Status: Ejbca
Vendor: CVE Published:; 12 September 2024

What is CVE-2024-36066?

The CMP CLI client in KeyFactor EJBCA versions prior to 8.3.1 has a vulnerability stemming from the use of a hardcoded salt of only 6 octets. This is non-compliant with the security standards outlined in RFC 4211, which states that salt values should be at least 8 octets long. The inadequacy of the salt length can lead to increased susceptibility to man-in-the-middle attacks and dictionary attacks, thereby compromising message integrity and authentication when utilizing the password-based MAC option.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://datatracker.ietf.org/doc/html/rfc4211#section-4.4

https://support.keyfactor.com/hc/en-us/articles/269656870...

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2024

JSON

Keyfactor

What is CVE-2024-36066?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.