twiddle.sh in JBoss AS 5.0 and EAP 5.0 and previous versions accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.
Vulnerable Product |
---|
redhat jboss community application server 5.0.0 |
redhat jboss enterprise application platform 5.0.0 |
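A host-side check for the exposure described above, as an added example that is not part of the original advisory or of JBoss: it parses the NUL-separated argv that Linux exposes in `/proc/<pid>/cmdline` and reports twiddle processes carrying a password argument, with the value redacted. The option names `-p`/`--password`, the `twiddle` name match and the sample process data are assumptions made for the example.

```python
import os

# Assumed option names for twiddle's password argument (not stated on this page).
SECRET_OPTS = {"-p", "--password"}
TWIDDLE_MARKER = "twiddle"  # assumed: substring of the launcher script / jar name

def split_cmdline(raw):
    """Split the NUL-separated argv format used by /proc/<pid>/cmdline."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def exposed_password_args(argv):
    """Return redacted descriptions of password values visible in argv."""
    if not any(TWIDDLE_MARKER in a.lower() for a in argv):
        return []  # unrelated process, e.g. another tool that also uses -p
    hits = []
    for i, arg in enumerate(argv):
        opt, sep, value = arg.partition("=")
        if opt in SECRET_OPTS and sep and value:        # --password=VALUE
            hits.append(f"{opt}=<{len(value)} chars>")
        elif arg in SECRET_OPTS and i + 1 < len(argv):  # -p VALUE
            hits.append(f"{arg} <{len(argv[i + 1])} chars>")
    return hits

def scan(cmdlines):
    """cmdlines maps pid -> raw cmdline bytes; returns pid -> findings."""
    report = {}
    for pid, raw in cmdlines.items():
        hits = exposed_password_args(split_cmdline(raw))
        if hits:
            report[pid] = hits
    return report

def read_proc_cmdlines(proc="/proc"):
    """Collect the argv of every process visible to this user (Linux only)."""
    out = {}
    for name in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, name, "cmdline"), "rb") as f:
                out[int(name)] = f.read()
        except OSError:
            pass  # process exited while we were scanning
    return out

# Constructed sample data in /proc/<pid>/cmdline format (not real captures).
SAMPLE = {
    4101: b"/bin/sh\0./twiddle.sh\0-u\0admin\0-p\0S3cretPw\0get\0jboss.system:type=Server\0",
    4102: b"java\0-cp\0twiddle.jar\0--password=S3cretPw\0",
    4103: b"grep\0-p\0pattern\0",
}

if __name__ == "__main__":
    live = os.path.isdir("/proc")
    print(scan(read_proc_cmdlines() if live else SAMPLE))
```

Any hit means the password was readable by every local account for as long as the process ran, so the credential should be rotated and the invocation changed to one that does not pass the password in argv.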