Sitevision Auto-Generated Password Vulnerability Exposes Signing Key to Hackers

A critical vulnerability in Sitevision CMS, identified as CVE-2022-35202, has been discovered, potentially exposing private signing keys used for SAML authentication. The flaw, present in versions 10.3.1 and earlier, arises from the use of auto-generated, low-complexity passwords to secure Java keystores. These keystores, accessible via improperly configured WebDAV instances, can be exploited by attackers to …