Insufficiently Protected Credentials

CVE-2020-10727

Severity Medium
Score 5.5/10

Summary

A flaw was found in the ActiveMQ Artemis management API up until version 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (`etc/artemis-users.properties`) when executing the `resetUser` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-522 - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
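
A defender-side check for the condition described in the Summary, as an added example that is not part of the advisory or the Artemis project: it lists users in `etc/artemis-users.properties` whose stored value is plaintext and reports whether the file is readable beyond its owner. It assumes hashed entries use the `ENC(...)` wrapper and that entries are written as `user = value`; the sample content and function names are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample of etc/artemis-users.properties (not real credentials).
SAMPLE = """\
# users
admin = ENC(1024:0A1B2C3D:4E5F6071)
alice = S3cret-after-reset
! alternate comment style
bob=ENC(1024:99AA88BB:77CC66DD)
"""

# Assumption: a hashed password is stored wrapped as ENC(...).
ENC_WRAPPED = re.compile(r"^ENC\(.+\)$")


def find_plaintext_users(text):
    """Return user names whose stored value is not wrapped in ENC(...)."""
    flagged = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or properties comment
        user, sep, value = line.partition("=")
        if not sep:
            continue  # not a user = value entry
        value = value.strip()
        if value and not ENC_WRAPPED.match(value):
            flagged.append(user.strip())
    return flagged


def readable_beyond_owner(path):
    """True if group or other has read permission on the file."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def audit(path):
    """Audit one users file: plaintext entries plus exposure to local users."""
    with open(path, encoding="utf-8") as fh:
        users = find_plaintext_users(fh.read())
    return {"plaintext_users": users,
            "readable_beyond_owner": readable_beyond_owner(path)}


if __name__ == "__main__":
    print(find_plaintext_users(SAMPLE))
```

Any user the audit flags should have the password rotated after the broker is upgraded, since the plaintext value may already have been read.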

Advisory Timeline

  • Published