Vulnerabilities > CVE-2014-0085 - Credentials Management vulnerability in Redhat Jboss A-Mq and Jboss Fuse
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |