CVE-2012-3431
N/A
N/A
Summary
The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78803
- http://rhn.redhat.com/errata/RHSA-2012-1301.html
- https://bugzilla.redhat.com/show_bug.cgi?id=843669
- http://www.securityfocus.com/bid/55634
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78803
- http://rhn.redhat.com/errata/RHSA-2012-1301.html
- https://bugzilla.redhat.com/show_bug.cgi?id=843669
- http://www.securityfocus.com/bid/55634
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.