The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform prior to 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote malicious users to obtain login credentials via a man-in-the-middle (MITM) attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat jboss enterprise data services platform 5.1.0 |
||
redhat jboss enterprise data services platform |