Why the hawtio console exposes user password ?

Issue

The "Hawtio" console in JBoss Fuse 6.1.0 exposes the users password, Can it be avoided ?
The "Hawtio" console make the password of currently logged user visible when checking container urls.
Following is the step to reproduce the issue:
- Install a fresh "jboss-fuse-full-6.1.0.redhat-379.zip"
- Start the Fuse and then create fabric as following:

    JBossFuse:karaf@root> fabric:create
    Waiting for container: root
    Using specified zookeeper password:admin
    It may take a couple of seconds for the container to provision...
    You can use the --wait-for-provisioning option, if you want this command to block until the container is provisioned.

Access the hawtio web console and then navigate to the following URL:
http://localhost:8181/hawtio/index.html#/fabric/container/root?tab=URLs
Check the URL which shows the password in clear text:

    git clone -b 1.0 http://admin:admin@aaa.com:8181/git/fabric

Environment

JBoss Fuse
- 6.1.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

New to Red Hat?

Learn more about Red Hat subscriptions

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories