# CVE-2019-14222: Default Certificate in Alfresco Community
Alfresco Community 5.x and below ships by default with a set of known private certificates. Anyone who downloads and installs the Alfresco Community software on a local machine gets access to these files.
Once obtained, these private keys can be used to:
- Gain access to Solr (which uses x509 certificate authentication)
- Launch active MITM attacks using a trusted Alfresco Certificate
- Launch passive decryption attacks if non-ephemeral ciphers are used
### NVD Disclosure:
The disclosure for this vulnerability can be found [here](https://nvd.nist.gov/vuln/detail/CVE-2019-14222).
### Requirements:
This vulnerability requires:

- That the Alfresco application uses the default SSL/TLS certificates
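
One way to check this requirement on your own deployment, as an added example that is not part of the original README: compare the certificate your endpoint presents with the one exported from an unmodified install, and note whether the negotiated cipher suite is non-ephemeral. The function names, finding labels and sample PEM data are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

_PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_fingerprints(pem_text):
    """SHA-256 of every DER certificate in a PEM bundle."""
    # Hashing the decoded DER makes the comparison independent of line
    # wrapping and line endings in the PEM export.
    return {hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in _PEM_CERT.findall(pem_text)}

def is_forward_secret(cipher_name):
    """True if the suite uses an ephemeral (EC)DHE key exchange."""
    # Accepts OpenSSL-style ("ECDHE-RSA-AES256-GCM-SHA384") and
    # IANA-style ("TLS_RSA_WITH_AES_128_CBC_SHA") names.
    name = cipher_name.upper().replace("_", "-")
    if {"ECDHE", "DHE", "EDH"} & set(name.split("-")):
        return True
    # TLS 1.3 suites name no key exchange; with certificate
    # authentication the exchange is always (EC)DHE.
    return name.startswith(("TLS-AES-", "TLS-CHACHA20-"))

def audit(deployed_pem, stock_pem, cipher_name):
    """Findings for one endpoint; [] means the default certificate is not in use."""
    findings = []
    if cert_fingerprints(deployed_pem) & cert_fingerprints(stock_pem):
        findings.append("default-certificate")      # private key is publicly known
        if not is_forward_secret(cipher_name):
            findings.append("passive-decryption")   # recorded traffic is readable
    return findings

def _wrap_pem(der):
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")

# Constructed placeholder bytes, not real certificates: in practice load the
# PEM exported from an unmodified install and the PEM your endpoint presents.
STOCK_PEM = _wrap_pem(b"constructed placeholder: certificate from a stock install")
CUSTOM_PEM = _wrap_pem(b"constructed placeholder: certificate issued by the operator")

if __name__ == "__main__":
    print(audit(STOCK_PEM, STOCK_PEM, "AES128-SHA"))
    print(audit(STOCK_PEM, STOCK_PEM, "ECDHE-RSA-AES256-GCM-SHA384"))
    print(audit(CUSTOM_PEM, STOCK_PEM, "AES128-SHA"))
```

An empty result only means this specific default certificate was not matched; it says nothing about other keystores the deployment may use.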
### Proof Of Concept:
More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2019-14222/blob/main/Alfresco%20-%20CVE-2019-14222.pdf).