An issue exists in the C AMQP client library (aka rabbitmq-c) up to and including 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rabbitmq-c project rabbitmq-c |