Control: tag -1 fixed-upstream On 2023-06-11 12:28, Christian Kastner wrote: > Package: amqp-tools > Version: 0.11.0-1 > Severity: grave > Tags: security > Forwarded: https://github.com/alanxz/rabbitmq-c/issues/575 > > When passing authentication data with either --password or --url, the > data is exposed in the process list, where it can be seen by any user. > > Example: > $ pgrep -a ampq-consume > 62287 amqp-consume --url amqp://user:pass@192.168.0.1 --queue=myqueue > > This is an upstream issue. I've filed a pull request upstream that adds > an option --authfile with which authentication data can be read from a file.
A patch for this has been merged upstream: https://github.com/alanxz/rabbitmq-c/commit/463054383fbeef889b409a7f843df5365288e2a0 Best, Christian
