First published: Thu Feb 20 2014
Graeme Colman of Red Hat reported a sensitive data exposure flaw in Apache Zookeeper. An admin user's password appeared in plaintext in binary log files. A local user could read this information and use it to gain administrative access to the application.

Update 2018-08-06: JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. This issue is a vulnerability in JBoss Fuse's usage of Apache Zookeeper, not in Zookeeper itself as was previously stated.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Jboss A-mq | =6.0.0 | |
Redhat Jboss Fuse | =6.0.0 | |