Details
-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
JBossAS-4.0.3 SP1
-
None
Description
The Jboss salt to encrypt and decrypt passwords are stored in clear text in the jboss source that can be downloaded by everyone. Anyone that has a basic understanding of how java works can take the source tree get the class definition that has the password encryption and turn it into a a password decryption class.