Details
- Bug
- Resolution: Done
- Major
- AMQ 7.0.3.GA
- Release Notes: A security issue has been fixed for AMQ Console. Before, if you logged into AMQ Console, the value of the Password field was visible from local storage using Google Chrome Developer tools.
- Documented as Resolved Issue
Description
Security issue with the AMQ 7 management console.
After login to the Management Console, in the Management Console Preferences window, in the Artemis tab details, the password field value is clearly visible in the local storage key:value section using Chrome Developer tools.
In local storage, for the key artemisPassword, the value is the actual password of the user logged in to the admin console.
This key-value pair is still available and visible even if the user logs out from the console and closes the browser.
Attached is the screenshot.
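A regression check for the behaviour reported above, as an added example that is not part of the ticket or of the AMQ or hawtio code: it scans a Web Storage object for credential-like entries left behind after a login/logout cycle. Apart from the key `artemisPassword`, every name here (the `MemoryStorage` stand-in, both login flows, the key pattern, the sample password) is a constructed assumption.

```javascript
// Stand-in for the browser's Web Storage API (constructed so the check runs
// under Node; in a browser, pass window.localStorage instead).
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return [...this.map.keys()][i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

// Key names that suggest a stored secret. Only artemisPassword comes from the
// ticket; the rest of the pattern is an assumption.
const SECRET_KEY = /pass(word|wd)?|secret|token|credential/i;

// Return keys that look like credentials, or whose value contains a known
// test password (catches a secret stored under an innocuous key name).
function findPersistedSecrets(storage, knownSecret) {
  const hits = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key);
    const byValue = knownSecret !== undefined && value !== null && value.includes(knownSecret);
    if (SECRET_KEY.test(key) || byValue) hits.push(key);
  }
  return hits.sort();
}

// Behaviour described in the ticket (hypothetical code): the password is
// written to local storage at login and logout leaves it there.
const flawed = {
  login(storage, user, password) { storage.setItem('artemisPassword', password); },
  logout(storage) { /* nothing is cleared */ },
};

// Hardened variant (hypothetical): login writes nothing secret to storage, and
// logout purges anything an older build may have persisted.
const hardened = {
  login(storage, user, password) { /* authenticate; persist nothing secret */ },
  logout(storage) {
    findPersistedSecrets(storage).forEach((k) => storage.removeItem(k));
  },
};

// Run a login/logout cycle and report what survives in storage afterwards.
function auditLogout(flow, storage, password) {
  flow.login(storage, 'admin', password);
  flow.logout(storage);
  return findPersistedSecrets(storage, password);
}
```

A non-empty result from `auditLogout` means a credential outlives the session, which is the condition the ticket describes.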
Attachments
Issue Links
- is duplicated by: ENTMQBR-1268 fix hawtio console security issue (Closed)
- relates to: ENTMQBR-1701 Store login and password in local storage is not safe (Closed)
- is caused by: ARTEMIS-1681