2 matches found
nsufficiently Protected Credentials in ActiveMQ Artemis
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file etc/artemis-users.properties file when executing the resetUsers operation. A local attacker can use this flaw to read the...
CVE-2020-10727
CVE-2020-10727 affects ActiveMQ Artemis management API from version 2.7.0 up to 2.12.0. The root cause is that during the resetUsers operation, passwords are stored in plaintext in the Artemis shadow file (etc/artemis-users.properties), enabling a local attacker to read the shadow file contents. ...