- Type: Bug
- Status: Done
- Priority: Major
- Resolution: Done
- Affects Version/s: AMQ 7.0.3.GA
- Fix Version/s: AMQ 7.2.0.GA
- Component/s: console
- Labels:
- Target Release:
- Steps to Reproduce:
- Affects: Release Notes
- Release Notes Text: A security issue has been fixed for AMQ Console. Before, if you logged into AMQ Console, the value of the Password field was visible from local storage using Google Chrome Developer tools.
- Release Notes Docs Status: Documented as Resolved Issue

Security issue with AMQ 7 management console.

After login to the Management Console, in the Management Console Preferences window, in the Artemis tab details, the password field value is clearly visible in the local storage key:value section using Chrome Developer tools.

In local storage, for the key artemisPassword, the value is the actual password of the user logged in to the admin console.

This key-value pair is still available and visible even if the user logs out of the console and closes the browser.

Attached is the screenshot.
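
A regression check for the behaviour reported above, as an added example that is not part of the ticket or of the AMQ Console code: it audits a Web Storage object for credential-like entries that survive logout and removes them. Only the key `artemisPassword` comes from the report; the key-name pattern, the `MemoryStorage` stand-in for `window.localStorage`, and the sample entries are assumptions constructed for illustration.

```javascript
// Key names that suggest a stored secret (assumed pattern, tune per application).
const CREDENTIAL_KEY = /pass(word|wd)?|secret|token|credential/i;

// Return credential-like entries found in a Storage-compatible object.
// Only the key and the value length are reported, never the value itself.
function findStoredCredentials(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key);
    if (CREDENTIAL_KEY.test(key) && value !== null && value !== '') {
      findings.push({ key, length: value.length });
    }
  }
  return findings;
}

// Logout hook: remove every credential-like entry and return the removed keys.
// Keys are collected first so removal does not disturb the index-based scan.
function clearStoredCredentials(storage) {
  const removed = findStoredCredentials(storage).map((f) => f.key);
  removed.forEach((key) => storage.removeItem(key));
  return removed;
}

// Hypothetical in-memory stand-in for window.localStorage so the check runs
// outside a browser; in a browser, pass window.localStorage instead.
class MemoryStorage {
  constructor(entries) { this.map = new Map(Object.entries(entries)); }
  get length() { return this.map.size; }
  key(i) { return Array.from(this.map.keys())[i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  removeItem(k) { this.map.delete(k); }
}

// Constructed snapshot of local storage as described in the report:
// the password entry is still present after logout.
const afterLogout = new MemoryStorage({
  artemisPassword: 'constructed-sample-value', // key from the report, value constructed
  theme: 'dark',                               // constructed, unrelated preference
});
```

In a browser test, running `findStoredCredentials(window.localStorage)` after logging out of the console should return an empty array on a fixed version.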

- follows up on: ENTMQBR-1701 Store login and password in local storage is not safe (New)
- is duplicated by: ENTMQBR-1268 fix hawtio console security issue (Done)
- is caused by: ARTEMIS-1681