Improper Authentication

Affecting org.apache.activemq:activemq-broker artifact, versions [,5.15.12)


Overview

org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation.

Affected versions of this package are vulnerable to Improper Authentication. Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the jmxrmi entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original and binds that, the attacker effectively becomes a man in the middle and can intercept the credentials when a user connects. Upgrade to Apache ActiveMQ 5.15.12.

Remediation

Upgrade org.apache.activemq:activemq-broker to version 5.15.12 or higher.
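
To find out whether a build resolves a version inside the affected range, the following added example (not part of the original advisory or of ActiveMQ) scans the text output of mvn dependency:tree for activemq-broker and flags versions in [,5.15.12). The function names and the sample tree are constructed for illustration, and the version ordering is a simplification of Maven's rules.

```python
import re

ARTIFACT = "org.apache.activemq:activemq-broker"
FIXED = "5.15.12"  # first fixed release; the advisory's range is [,5.15.12)
COORD = re.compile(re.escape(ARTIFACT) + r":\S+")

# Constructed sample of `mvn dependency:tree` output, not from a real build.
SAMPLE_TREE = """\
[INFO] com.example:orders-service:jar:1.0.0
[INFO] +- org.apache.activemq:activemq-broker:jar:5.15.9:compile
[INFO] |  \\- org.apache.activemq:activemq-client:jar:5.15.9:compile
[INFO] +- org.apache.activemq:activemq-broker:jar:5.15.12:compile
[INFO] +- org.apache.activemq:activemq-broker:jar:5.15.12-SNAPSHOT:test
[INFO] \\- org.apache.activemq:activemq-broker:jar:5.16.0:runtime
"""

def version_key(version):
    # Simplified ordering (assumption, not full Maven semantics): any qualifier
    # such as -SNAPSHOT sorts before the plain release of the same number.
    base, _, qualifier = version.partition("-")
    nums = [int(p) if p.isdigit() else 0 for p in base.split(".")]
    nums += [0] * (3 - len(nums))
    return (tuple(nums), 0 if qualifier else 1)

def is_affected(version):
    """True when the version falls inside [,5.15.12)."""
    return version_key(version) < version_key(FIXED)

def find_affected(tree_text):
    """Return affected activemq-broker versions found in dependency:tree text."""
    hits = []
    for line in tree_text.splitlines():
        match = COORD.search(line)
        if not match:
            continue
        fields = match.group(0).split(":")
        # Coordinate layout: group:artifact:type[:classifier]:version:scope
        version = fields[-2] if len(fields) >= 5 else fields[-1]
        if is_affected(version):
            hits.append(version)
    return hits

if __name__ == "__main__":
    for v in find_affected(SAMPLE_TREE):
        print(f"{ARTIFACT}:{v} is affected by CVE-2020-13920; upgrade to {FIXED}+")
```

Pre-release builds of 5.15.12 are flagged deliberately, since they sort below the fixed release.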

CVSS Score

5.9 (medium severity)

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:R

Credit: Jonathan Gallimore & Colm O hEigeartaigh
CVE: CVE-2020-13920
CWE: CWE-287
Snyk ID: SNYK-JAVA-ORGAPACHEACTIVEMQ-674315
Disclosed: 11 Sep, 2020
Published: 11 Sep, 2020