Why the hawtio console exposes user password ?

Solution Unverified - Updated -


  • The "Hawtio" console in JBoss Fuse 6.1.0 exposes the users password, Can it be avoided ?
  • The "Hawtio" console make the password of currently logged user visible when checking container urls.
  • Following is the step to reproduce the issue:
    • Install a fresh "jboss-fuse-full-6.1.0.redhat-379.zip"
    • Start the Fuse and then create fabric as following:
    JBossFuse:karaf@root> fabric:create
    Waiting for container: root
    Using specified zookeeper password:admin
    It may take a couple of seconds for the container to provision...
    You can use the --wait-for-provisioning option, if you want this command to block until the container is provisioned.
    git clone -b 1.0 http://admin:admin@aaa.com:8181/git/fabric


  • JBoss Fuse
    • 6.1.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content