Skip to main content

Credentials Management Errors

CVE-2012-0034

Severity Low
Score 2.1/10

Summary

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.

  • LOW
  • LOCAL
  • NONE
  • NONE
  • PARTIAL
  • NONE

CWE-255 - Credentials Management Errors

Weaknesses in this category are related to the management of credentials.

References

Advisory Timeline

  • Published