Description

One or more pages containing RSA private key(s) were found. Public-key cryptosystems have two primary uses, encryption and digital signatures. In their system, each person gets a pair of keys, one called the public key and the other called the private key. The public key is published, while the private key is kept secret. A private key should never be accessible directly from the web.This information can be used to conduct further attacks.

This alert may be a false positive, manual confirmation is required.

Remediation

Prevent this information from being displayed to the user.

References

Public-key cryptography

Related Vulnerabilities

WordPress Plugin Swim Team Arbitrary File Download (1.44.1077)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-3529)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.30)

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4)

Nginx memory disclosure with specially crafted HTTP backend responses

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure