module
Apache Tapestry HMAC secret key leak
| Disclosed |
|---|
| Apr 15, 2021 |
Disclosed
Apr 15, 2021
Description
This exploit finds the HMAC secret key used in Java serialization by Apache Tapestry. This key
is located in the file AppModule.class by default and looks like the standard representation of UUID in hex digits (hd) :
6hd-4hd-4hd-4hd-12hd
If the HMAC key has been changed to look differently, this module won't find the key because it tries to download the file
and then uses a specific regex to find the key.
is located in the file AppModule.class by default and looks like the standard representation of UUID in hex digits (hd) :
6hd-4hd-4hd-4hd-12hd
If the HMAC key has been changed to look differently, this module won't find the key because it tries to download the file
and then uses a specific regex to find the key.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.