Vulnerabilities > CVE-2014-0085 - Credentials Management vulnerability in Redhat Jboss A-Mq and Jboss Fuse

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
redhat
CWE-255

Summary

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Vulnerable Configurations

Part Description Count
Application
Redhat
2

Common Weakness Enumeration (CWE)