A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25640
Reference (s):
- https://security.netapp.com/advisory/ntap-20201210-0001/
- https://bugzilla.redhat.com/show_bug.cgi?id=1881637
- URL: https://bugzilla.redhat.com/show_bug.cgi?id=1881637
- https://github.com/amqphub/amqp-10-resource-adapter/issues/13
- URL: https://github.com/amqphub/amqp-10-resource-adapter/issues/13