2 matches found
activemq: improper authentication allows MITM attack
Apache ActiveMQ uses LocateRegistry.createRegistry to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to...
PT-2020-13781 · Apache +2 · Apache Activemq +2
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.15.12 Description: The issue allows an attacker to connect to the JMX RMI registry without authentication and rebind the jmxrmi entry. By creating a proxy server, an attacker can intercept user credentials...