CVE-2021-45458

Hardcoded credentials

EPSS 2.1%CWE-798

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 2.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

06 ene 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.

Productos afectados

Apache Software Foundation · Apache Kylin

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://lists.apache.org/thread/oof215qz188k16vhlo97cm1jksxdowfy http://www.openwall.com/lists/oss-security/2022/01/06/3 http://www.openwall.com/lists/oss-security/2022/01/06/7