[Bug 1448337] New: CVE-2017-4966 rabbitmq: Authentication details are stored in browser-local storage without expiration

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1448337

            Bug ID: 1448337
           Summary: CVE-2017-4966 rabbitmq: Authentication details are
                    stored in browser-local storage without expiration
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-t...@redhat.com
          Reporter: ane...@redhat.com
                CC: aort...@redhat.com, ape...@redhat.com,
                    ayo...@redhat.com, chr...@redhat.com,
                    cvsbot-xml...@redhat.com,
                    erlang@lists.fedoraproject.org,
                    hubert.plocinic...@gmail.com, jecke...@redhat.com,
                    jjo...@redhat.com, j...@fornwall.com,
                    jschl...@redhat.com, kba...@redhat.com,
                    lemen...@gmail.com, l...@redhat.com, lp...@redhat.com,
                    mar...@redhat.com, pleme...@redhat.com,
                    rbry...@redhat.com, rjo...@redhat.com,
                    scle...@redhat.com, sisha...@redhat.com,
                    srev...@redhat.com, s...@shk.io, tdeca...@redhat.com




It was found that the rabbitmq authentication details are being stored
indefinitely in the local browser cache.

External References:

https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_9

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
erlang mailing list -- erlang@lists.fedoraproject.org
To unsubscribe send an email to erlang-le...@lists.fedoraproject.org