FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

RabbitMQ-C -- auth credentials visible in commandline tool options

Affected packages
rabbitmq-c < 0.14.0

Details

VuXML ID 7e9cc7fd-6b3e-46c5-ad6d-409d90d41bbf
Discovery 2019-09-19
Entry 2024-08-30

hadmut reports:

This C library includes 2 command-line tools that can take credentials as command-line options. The credentials are exposed as plain-text in the process list. This could allow an attacker with access to the process list to see the credentials.

[source]

References

CVE Name CVE-2023-35789
URL https://nvd.nist.gov/vuln/detail/CVE-2023-35789

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.