BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).
CPE | Name | Operator | Version |
---|---|---|---|
bosh_system_metrics_server | lt | 0.1.0 |