[jboss-jira] [JBoss JIRA] (WFCORE-885) World readable audit.log file
Rostislav Svoboda (JIRA)
issues at jboss.org
Tue Aug 25 09:16:45 EDT 2015
[ https://issues.jboss.org/browse/WFCORE-885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13101509#comment-13101509 ]
Rostislav Svoboda commented on WFCORE-885:
------------------------------------------
[~brian.stansberry], hope you are the right person ;)
> World readable audit.log file
> -----------------------------
>
> Key: WFCORE-885
> URL: https://issues.jboss.org/browse/WFCORE-885
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 2.0.0.Beta2
> Reporter: Ondrej Lukas
> Assignee: Brian Stansberry
> Priority: Blocker
>
> Server logs sensitive information into a world readable audit.log file. This information could be used by a local attacker to gain otherwise protected information about user sessions etc.
> This issue was originally reported as CVE in https://bugzilla.redhat.com/show_bug.cgi?id=1063642. EAP 6.x branches are fixed but same issue occurs in EAP 7 again.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
More information about the jboss-jira
mailing list