RSA Private Key Detected

Severity: Medium
Summary

Invicti identified an RSA private key on the website.

When you try to log in to a secure server, the client application uses a digital signature to prove that you hold the private key; the server checks that the signature is valid and that the public key is authorized for your username. If all is well, you are granted access.

Impact

When the private key is not protected with a passphrase, anybody who steals the key can log in to everything you have access to.

Even if it is protected with a passphrase, the attacker can try a huge number of possible passphrases, even with moderate computing resources. If your passphrase is a dictionary word, it can probably be broken in a matter of seconds.
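The distinction above between an unprotected and a passphrase-protected key can be checked against your own response bodies or web root files. The following Python script is an added example, not Invicti's detection logic; the function name `find_private_keys` and the sample bodies are constructed for illustration, with placeholder base64 in place of real key material.

```python
import re

# PEM private key block: traditional RSA ("RSA PRIVATE KEY") or PKCS#8
# ("PRIVATE KEY" / "ENCRYPTED PRIVATE KEY", which may hold an RSA key).
PEM_KEY = re.compile(
    r"-----BEGIN (?P<label>(?:RSA |ENCRYPTED )?PRIVATE KEY)-----"
    r"(?P<body>.*?)"
    r"-----END (?P=label)-----",
    re.DOTALL,
)

def find_private_keys(text):
    """Return (label, passphrase_protected, offset) for each PEM key block in text."""
    findings = []
    for m in PEM_KEY.finditer(text):
        label, body = m.group("label"), m.group("body")
        # Traditional PEM signals encryption with a Proc-Type header inside the
        # block; PKCS#8 signals it in the label itself.
        protected = (
            label == "ENCRYPTED PRIVATE KEY"
            or re.search(r"^Proc-Type:\s*4,ENCRYPTED\s*$", body, re.MULTILINE) is not None
        )
        findings.append((label, protected, m.start()))
    return findings

# Constructed sample response bodies (placeholder base64, not real keys).
SAMPLE_PLAIN = """<html><pre>
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END RSA PRIVATE KEY-----
</pre></html>"""

SAMPLE_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000

Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END RSA PRIVATE KEY-----
"""

SAMPLE_CLEAN = "<html><body>-----BEGIN CERTIFICATE----- is not a key</body></html>"

if __name__ == "__main__":
    samples = [("plain", SAMPLE_PLAIN), ("encrypted", SAMPLE_ENCRYPTED), ("clean", SAMPLE_CLEAN)]
    for name, body in samples:
        for label, protected, offset in find_private_keys(body):
            state = "passphrase-protected" if protected else "UNPROTECTED"
            print(f"{name}: {label} at offset {offset} ({state})")
```

Either result means the key has been exposed; the protected flag only indicates whether an offline passphrase guess stands between the finder and the key.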

Remediation
  • Remove this kind of sensitive data from the output.
OR
