qpid-broker-core is vulnerable to information leakage. It is possible for a remote attacker to determine the existence of user accounts due to a prematurely termination SCRAM SASL negotiation. This vulnerability only applies for applications using the SCRAM-SHA-1 or SCAM-SHA-256 AuthenticationProvider.
CPE | Name | Operator | Version |
---|---|---|---|
apache qpid broker-j core | eq | 6.1.0 | |
apache qpid broker-j core | le | 6.0.5 |