Pure Storage FlashArray Key Encryption Key Logging Vulnerability During Key Rotation

Vulnerability

A vulnerability exists in Pure Storage FlashArray systems where the Key Encryption Key (KEK) is inadvertently logged during the key rotation process, but only when RDL (Recovery Data Lifecycle) is enabled. This could expose sensitive encryption keys in the system logs.

Impact

Logging the Key Encryption Key during key rotation could lead to unauthorized access to encrypted data, as the KEK is used to encrypt and decrypt keys that protect user data.

Added: Jun 16, 2025, 5:25 PM
Updated: Jun 16, 2025, 5:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.