Unencrypted Passwords in JBoss Fuse Logging Vulnerability

Unencrypted Passwords in JBoss Fuse Logging Vulnerability

CVE-2014-0085 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Learn more about our Cis Benchmark Audit For Apache Http Server.