Description

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

Remediation

References

Related Vulnerabilities

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory