CVE-2012-0034

Name of the Vulnerable Software and Affected Versions JBoss Enterprise Application Platform (EAP) versions 5.1.2 through 5.2.0 Web Platform (EWP) versions 5.1.2 through 5.2.0 BRMS Platform versions prior to 5.3.1

Description The issue allows local users to obtain sensitive information, specifically usernames and passwords, by reading the log file when an exception is thrown. This occurs because the NonManagedConnectionFactory logs the username and password in cleartext.

Recommendations For JBoss Enterprise Application Platform (EAP) versions 5.1.2 through 5.2.0, consider updating to a version that does not log sensitive information in cleartext. For Web Platform (EWP) versions 5.1.2 through 5.2.0, consider updating to a version that does not log sensitive information in cleartext. For BRMS Platform versions prior to 5.3.1, update to version 5.3.1 or later to resolve the issue.