[jboss-jira] [JBoss JIRA] (WFCORE-885) World readable audit.log file
Ivo Studensky (JIRA)
issues at jboss.org
Thu Sep 3 05:49:05 EDT 2015
[ https://issues.jboss.org/browse/WFCORE-885?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ivo Studensky updated WFCORE-885:
---------------------------------
Component/s: Domain Management
(was: Security)
Git Pull Request: https://github.com/wildfly/wildfly-core/pull/1023
I've prepared a port of Peter's commit to WildFly Core.
As the current audit log code looks differently to EAP, it has to be a bit restructured.
> World readable audit.log file
> -----------------------------
>
> Key: WFCORE-885
> URL: https://issues.jboss.org/browse/WFCORE-885
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Affects Versions: 2.0.0.Beta2
> Reporter: Ondrej Lukas
> Assignee: Brian Stansberry
> Priority: Blocker
>
> Server logs sensitive information into a world readable audit.log file. This information could be used by a local attacker to gain otherwise protected information about user sessions etc.
> This issue was originally reported as CVE in https://bugzilla.redhat.com/show_bug.cgi?id=1063642. EAP 6.x branches are fixed but same issue occurs in EAP 7 again.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
More information about the jboss-jira
mailing list