Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

RSA Private Key Detected

Severity: Medium
Summary#

Invicti identified an RSA private key in the web site.

When you try to login to a secure server, client application uses a digital signature to prove that you have the private key; the server checks that the signature is valid, and that the public key is authorized for your username. If all is well, you are granted access.

Impact#

When the private key is unprotected with a passphrase, anybody who steals the key can log into everything you have access to.

Even if it is protected with a passphrase, the attacker can try a huge number of possible passphrases, even with moderate computing resources. If your passphrase is a dictionary word, it can probably be broken in a matter of seconds.

Remediation#
  • Remove this kind of sensitive data from the output.
Classifications#
, , , , , ,

Select Category

OR

Search Vulnerability

Tags

OWASP 2013-A6 OWASP 2017-A3

Related Vulnerabilities

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works