Keyfactor Ejbca
By the Year
In 2026 there have been 0 vulnerabilities in Keyfactor Ejbca. Ejbca did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 3.10 |
| 2023 | 1 | 8.20 |
It may take a day or so for new Ejbca vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Keyfactor Ejbca Security Vulnerabilities
KeyFactor EJBCA CMP CLI <8octet salt (v<8.3.1)
CVE-2024-36066
3.1 - Low
- September 12, 2024
The CMP CLI client in Keyfactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for message integrity and authentication (the other option is certificate-based). RFC 4211 section 4.4 requires that password-based MAC parameters use a salt with a random value of at least 8 octets. This helps to inhibit dictionary attacks. Because the standalone CMP client was originally developed as test code, the salt was instead hardcoded and only 6 octets long.
Keyfactor EJBCA <8.0.0 RA Servlet DoS & Unauthorized CA Disclosure
CVE-2023-34196
8.2 - High
- August 03, 2023
In Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur.