Red Hat Bugzilla – Bug 1002853
CVE-2013-4293 JON Server: Plaintext passwords in server logs
Last modified: 2015-02-15 16:52:36 EST
The JBoss Operations Network Server exposes configured passwords in plaintext within its logs by default. A malicious local user with access to these logs could use the exposed credentials.
This issue was discovered by Larry O'Leary of the Red Hat Middleware Support Engineering Group.
This issue has been addressed in the following products:
Red Hat JBoss Operations Network 3.1.2
Via RHSA-2013:1448 https://rhn.redhat.com/errata/RHSA-2013-1448.html