Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jboss EAP Cryptographic Issues Vulnerability - CVE-2014-0035 - Vulnerability Database
Jboss EAP

Jboss EAP Cryptographic Issues Vulnerability - CVE-2014-0035

Medium
Reference: CVE-2014-0035
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-0035
Title: Jboss EAP Cryptographic Issues Vulnerability
Overview:

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10 when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken transmits the UsernameToken in cleartext which allows remote attackers to obtain sensitive information by sniffing the network.