Home

Description

Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword() method. When updating legacy keystore passwords, the application generates a new password with insufficient length (7-12 characters) and a static prefix 'p', resulting in a weak keyspace. An attacker with access to the nsc.ks file can brute-force this password using consumer-grade hardware to decrypt stored credentials.

PUBLISHED Reserved 2026-02-03 | Published 2026-02-03 | Updated 2026-02-09 | Assigner rapid7




MEDIUM: 6.8CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-331 Insufficient Entropy

Product status

Default status
unaffected

6.4.50 (semver) before 8.36.0
affected

Credits

Justin Kennedy finder

Atredis Partners sponsor

Stephen Breen finder

Phil Brass finder

References

www.atredis.com/disclosure exploit third-party-advisory

cve.org (CVE-2026-1814)

nvd.nist.gov (CVE-2026-1814)

Download JSON