[Bug 1448337] New: CVE-2017-4966 rabbitmq: Authentication details are stored in browser-local storage without expiration

https://bugzilla.redhat.com/show_bug.cgi?id=1448337 Bug ID: 1448337 Summary: CVE-2017-4966 rabbitmq: Authentication details are stored in browser-local storage without expiration Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: aortega(a)redhat.com, apevec(a)redhat.com, ayoung(a)redhat.com, chrisw(a)redhat.com, cvsbot-xmlrpc(a)redhat.com, erlang(a)lists.fedoraproject.org, hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com, jjoyce(a)redhat.com, josh(a)fornwall.com, jschluet(a)redhat.com, kbasil(a)redhat.com, lemenkov(a)gmail.com, lhh(a)redhat.com, lpeer(a)redhat.com, markmc(a)redhat.com, plemenko(a)redhat.com, rbryant(a)redhat.com, rjones(a)redhat.com, sclewis(a)redhat.com, sisharma(a)redhat.com, srevivo(a)redhat.com, s(a)shk.io, tdecacqu(a)redhat.com It was found that the rabbitmq authentication details are being stored indefinitely in the local browser cache. External References: https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_9 -- You are receiving this mail because: You are on the CC list for the bug.