Description
JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085
Related Vulnerabilities
CVE-2019-18394 Vulnerability in maven package org.igniterealtime.openfire:xmppserver
CVE-2019-15482 Vulnerability in npm package selectize-plugin-a11y
CVE-2021-21266 Vulnerability in maven package org.openhab.addons.bundles:org.openhab.binding.gce
CVE-2020-2233 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-maven-parent
CVE-2020-2172 Vulnerability in maven package org.jenkins-ci.plugins:code-coverage-api