
Cleartext Transmission of Sensitive Information

CVE-2018-14627

Severity Medium
Score 5.9/10

Summary

The IIOP OpenJDK Subsystem in WildFly before version 14.0.0.Beta2 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>
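A defender-side check for the condition described above, as an added example that is not part of the advisory or of WildFly: given a server configuration and the running version, it reports every transport-config that asks for confidentiality="required" on a release that does not enforce it. The sample XML wrappers, the namespace, the function names and the qualifier ordering are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

FIXED = "14.0.0.Beta2"  # first version that honours the setting, per the advisory
# Assumption: qualifiers order as Alpha < Beta < CR < Final (no qualifier = Final).
RANK = {"alpha": 0, "beta": 1, "cr": 2, "final": 3}


def version_key(version):
    """Turn '14.0.0.Beta2' into a sortable tuple: ((14, 0, 0), 1, 2)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:[.-]?([A-Za-z]+)(\d*))?", version.strip())
    if not m or (m.group(2) or "final").lower() not in RANK:
        raise ValueError(f"unrecognised version: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad '14.0' to (14, 0, 0)
    return nums, RANK[(m.group(2) or "final").lower()], int(m.group(3) or 0)


def audit(config_xml, version):
    """List transport-config elements whose confidentiality="required"
    is not enforced because the server predates the fixed version."""
    if version_key(version) >= version_key(FIXED):
        return []
    findings = []
    for el in ET.fromstring(config_xml).iter():
        # Compare the local name so any schema namespace is matched.
        if el.tag.rsplit("}", 1)[-1] != "transport-config":
            continue
        if el.get("confidentiality", "").strip().lower() == "required":
            findings.append({
                "attributes": dict(el.attrib),
                "issue": f"plaintext IIOP accepted before {FIXED}; upgrade",
            })
    return findings


# Constructed sample: the advisory's element inside hypothetical wrappers.
SAMPLE = """
<server>
  <subsystem xmlns="urn:example:constructed-iiop">
    <ior-settings>
      <transport-config confidentiality="required" trust-in-target="supported"/>
    </ior-settings>
  </subsystem>
</server>
"""

if __name__ == "__main__":
    for release in ("13.0.0.Final", "14.0.0.Beta1", "14.0.0.Beta2", "14.0.0.Final"):
        print(release, audit(SAMPLE, release))
```

An empty result means either the server is at or past the fixed version or no transport-config requires confidentiality; it says nothing about other TLS settings.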

  • HIGH
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-319 - Cleartext Transmission of Sensitive Information

The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Advisory Timeline

  • Published