If you execute the resetUsers operation, the new password is stored in plain text in the etc/artemis-users.properties file.
External References: https://issues.redhat.com/browse/ENTMQBR-3435
Acknowledgments: Name: Justin Bertram (Reporter)
Mitigation: When resetting a user an alternative is to use the broker instance CLI `/bin/artemis user reset` which is not affected by the flaw
This issue has been addressed in the following products: Red Hat AMQ Via RHSA-2020:2751 https://access.redhat.com/errata/RHSA-2020:2751
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-10727
This issue has been addressed in the following products: Red Hat AMQ Via RHSA-2020:3133 https://access.redhat.com/errata/RHSA-2020:3133