CVE-2014-0085 - OpenCVE

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Jboss Fuse Jboss A-mq

Configuration 1 [-]

OR	cpe:2.3:a:redhat:jboss_a-mq:6.0.0:::::::*
	cpe:2.3:a:redhat:jboss_fuse:6.0.0:::::::*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085	Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2014-04-17T14:00:00

Updated: 2018-08-09T17:57:02

Reserved: 2013-12-03T00:00:00

Link: CVE-2014-0085

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-04-17T14:55:06.467

Modified: 2018-10-23T13:57:03.313

Link: CVE-2014-0085

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C4404A-CFB7-4B47-9487-F998825C31CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A305F012-544E-4245-9D69-1C8CD37748B1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log."}, {"lang": "es", "value": "JBoss Fuse no habilitaba contrase\u00f1as cifradas por defecto en su uso de Apache Zookeeper. Esto permiti\u00f3 la divulgaci\u00f3n de informaci\u00f3n confidencial a trav\u00e9s del registro de usuarios locales. Nota: esta descripci\u00f3n ha sido actualizada. El texto anterior identificaba err\u00f3neamente el origen del problema como Zookeeper. Texto anterior: Apache Zookeeper registra contrase\u00f1as de administrador en texto claro, lo que permite a los usuarios locales obtener informaci\u00f3n sensible leyendo el registro."}], "id": "CVE-2014-0085", "lastModified": "2018-10-23T13:57:03.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-17T14:55:06.467", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}