A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14886 | Issue Tracking Third Party Advisory |
https://groups.google.com/forum/?utm_medium=email&utm_source=footer#%21msg/jbpm-usage/74pSuwfGKRU/0oXpmRScBQAJ |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-03-05 18:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-14886
Mitre link : CVE-2019-14886
CVE.ORG link : CVE-2019-14886
JSON object : View
Products Affected
redhat
- process_automation_manager
- decision_manager
CWE
CWE-312
Cleartext Storage of Sensitive Information