JBoss Cache NonManagedConnectionFactory will log the password in clear text when an exception occurs

更新时间：2022-09-20 23:09:40

http://anonsvn.jboss.org/repos/jbosscache/core/trunk/src/main/java/org/jboss/cache/loader/NonManagedConnectionFactory.java

088 public Connection getConnection()
089 {
......
099 catch (SQLException e)
100 {
101 reportAndRethrowError("Failed to get connection for url=" + url + ", user=" + usr + ", password=" + pwd, e);

So upon a connection error, the user/password will end up in the logfile in clear text

上一篇 : ：Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability下一篇 : CVE-2011-4107 PoC - phpMyAdmin Local File Inclusion via XXE injection

JBoss Cache NonManagedConnectionFactory will log the password in clear text when an exception occurs

相关阅读

推荐文章