CVE-2024-36066

EPSS 0.40% · P61 Updated Mar 26, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-36066

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for message integrity and authentication (the other option is certificate-based). RFC 4211 section 4.4 requires that password-based MAC parameters use a salt with a random value of at least 8 octets. This helps to inhibit dictionary attacks. Because the standalone CMP client originally was developed as test code, the salt was instead hardcoded and only 6 octets long.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

EJBCA 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

EJBCA是Keyfactor开源的一个开源公钥基础设施（PKI）和证书颁发机构（CA）软件。 EJBCA 8.3.1之前版本存在安全漏洞，该漏洞源于CMP CLI客户端的盐值长度不符合RFC 4211的安全要求，会使中间人攻击更容易发生。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2024-36066

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-36066

请登录查看更多情报信息。

Same Patch Batch · n/a · 2024-09-12 · 12 CVEs total

CVE-2024-40457		No-IP Dynamic Update Client 安全漏洞
CVE-2024-45181		Wibu-Systems WibuKey 安全漏洞
CVE-2024-45182		Wibu-Systems WibuKey 安全漏洞
CVE-2024-41629		Texas Instruments Fusion Digital Power Designer 安全漏洞
CVE-2024-44460		NanoMQ 安全漏洞
CVE-2024-44459		VerneMQ 安全漏洞
CVE-2024-25270		Mirapolis LMS 安全漏洞
CVE-2024-34336		ORDAT FOSS-Online 安全漏洞
CVE-2024-34334		ORDAT FOSS-Online 安全漏洞
CVE-2024-34335		ORDAT FOSS-Online 安全漏洞
CVE-2020-24061		KASDA KW5515 安全漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2024-36066

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-36066

I. Basic Information for CVE-2024-36066

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-36066

III. Intelligence Information for CVE-2024-36066

Same Patch Batch · n/a · 2024-09-12 · 12 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-36066

Leave a comment