Environment
Access Manager 4.4
Access Manager 4.3
Situation
Java SSL KeyStore Password Disclosure
Vulnerability
The output of ps -ef shows an insecure configuration caused by passing ssl.keyStorePassword on the command line. Successful exploitation of this finding would allow an attacker to obtain the password used for the Java keystore.
activem+ 29633 1 0 May29 ? 00:08:14 /opt/novell/java/bin/java -Xmx512M -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Dcom.sun.management.jmxremote -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStorePassword=password -Djavax.net.ssl.keyStore=/opt/novell/activemq/conf/broker.ks -Djavax.net.ssl.trustStore=/opt/novell/activemq/conf/broker.ts -Dactivemq.classpath=/opt/novell/activemq/conf; -Dactivemq.home=/opt/novell/activemq -Dactivemq.base=/opt/novell/activemq -jar /opt/novell/activemq/bin/run.jar start
Resolution
Looking at the ps -ef output certainly gives the impression of a security vulnerability, but it is not one.
activem+ 29633 1 0 May29 ? 00:08:14 /opt/novell/java/bin/java -Xmx512M -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Dcom.sun.management.jmxremote -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStorePassword=password -Djavax.net.ssl.keyStore=/opt/novell/activemq/conf/broker.ks -Djavax.net.ssl.trustStore=/opt/novell/activemq/conf/broker.ts -Dactivemq.classpath=/opt/novell/activemq/conf; -Dactivemq.home=/opt/novell/activemq -Dactivemq.base=/opt/novell/activemq -jar /opt/novell/activemq/bin/run.jar start
But the keystore and truststore files referenced there do not exist on the system:
msingh14:~ # ls /opt/novell/activemq/conf/broker.ks
ls: cannot access '/opt/novell/activemq/conf/broker.ks': No such file or directory
msingh14:~ # ls -l /opt/novell/activemq/conf/broker.ts
ls: cannot access '/opt/novell/activemq/conf/broker.ts': No such file or directory
The password and the key/trust store paths in the process output are only placeholders for running ActiveMQ over SSL (an SSL connection is not used for ActiveMQ here).
It can be worked around by editing the file /opt/novell/activemq/bin/activemq.
Change the line ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS $SUNJMX $SSL_OPTS" to remove $SSL_OPTS, so that it reads ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS $SUNJMX".
Restart ActiveMQ and check the process status.
msingh14:/opt/novell/activemq # ps -aef | grep activemq
activem+ 11938 1 0 22:48 ? 00:00:03 /opt/novell/java/bin/java -Xmx512M -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Dcom.sun.management.jmxremote -Dactivemq.classpath=/opt/novell/activemq/conf; -Dactivemq.home=/opt/novell/activemq -Dactivemq.base=/opt/novell/activemq -jar /opt/novell/activemq/bin/run.jar start
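As an added example (not from this article or the product), the following POSIX shell helpers apply the $SSL_OPTS edit to a copy of the start script and then check a java command line, as taken from ps -eo args, for leftover password properties and for the keystore paths it references. The script path and the ACTIVEMQ_OPTS line are the article's; the sample script body, the function names and the command lines are constructed.

```shell
#!/bin/sh
# Added example, not part of the KB article: apply the $SSL_OPTS workaround to a
# copy of the ActiveMQ start script and check a java command line afterwards.
# Only the script path and the ACTIVEMQ_OPTS line come from the article; the
# sample script body and the command lines used with these helpers are constructed.

# Write a constructed stand-in for /opt/novell/activemq/bin/activemq to $1.
make_sample_script() {
    cat > "$1" <<'EOF'
#!/bin/sh
SUNJMX="-Dcom.sun.management.jmxremote"
SSL_OPTS="-Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStorePassword=password"
ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS $SUNJMX $SSL_OPTS"
exec /opt/novell/java/bin/java $ACTIVEMQ_OPTS -jar /opt/novell/activemq/bin/run.jar start
EOF
}

# Remove $SSL_OPTS from the ACTIVEMQ_OPTS line of the script at $1, keeping a
# backup at $1.bak. Returns 1 (and changes nothing) if the line is not found,
# so running it a second time is safe.
remove_ssl_opts() {
    grep -q 'ACTIVEMQ_OPTS="\$ACTIVEMQ_OPTS \$SUNJMX \$SSL_OPTS"' "$1" || return 1
    cp -p "$1" "$1.bak"
    sed 's/ACTIVEMQ_OPTS="\$ACTIVEMQ_OPTS \$SUNJMX \$SSL_OPTS"/ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS $SUNJMX"/' \
        "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Return 0 if a java command line (one line of `ps -eo args`) still carries a
# keystore or truststore password as a -D property, 1 otherwise.
cmdline_exposes_password() {
    case "$1" in
        *-Djavax.net.ssl.keyStorePassword=*|*-Djavax.net.ssl.trustStorePassword=*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the keyStore/trustStore paths a command line references, one per line,
# so each can be checked with ls as the article does.
referenced_stores() {
    printf '%s\n' "$1" | tr ' ' '\n' \
        | sed -n -e 's/^-Djavax\.net\.ssl\.keyStore=//p' -e 's/^-Djavax\.net\.ssl\.trustStore=//p'
}

# Demonstration on a temporary copy; nothing under /opt/novell is touched.
demo_dir=$(mktemp -d)
make_sample_script "$demo_dir/activemq"
remove_ssl_opts "$demo_dir/activemq" && echo "patched $demo_dir/activemq (backup: $demo_dir/activemq.bak)"
```

After the real edit and restart, feed the live process line to cmdline_exposes_password to confirm the -Djavax.net.ssl.*Password properties are gone.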