Messaging: unauthorized cluster access
| Package(s): | Messaging | CVE #(s): | CVE-2011-3620 | ||||||||
| Created: | May 1, 2012 | Updated: | May 2, 2012 | ||||||||
| Description: | From the Red Hat advisory:
It was found that Qpid accepted any password or SASL mechanism, provided the remote user knew a valid cluster username. This could give a remote attacker unauthorized access to the cluster, exposing cluster messages and internal Qpid/MRG configurations. | ||||||||||
| Alerts: |
| ||||||||||