The JBoss Operations Network Server exposes configured passwords in plaintext within its logs by default. A malicious local user with access to these logs could use the exposed credentials.
Acknowledgements: This issue was discovered by Larry O'Leary of the Red Hat Middleware Support Engineering Group.
This issue has been addressed in following products: Red Hat JBoss Operations Network 3.1.2 Via RHSA-2013:1448 https://rhn.redhat.com/errata/RHSA-2013-1448.html