Package: amqp-tools Version: 0.11.0-1 Severity: grave Tags: security Forwarded: https://github.com/alanxz/rabbitmq-c/issues/575
When passing authentication data with either --password or --url, the data is exposed in the process list, where it can be seen by any user. Example: $ pgrep -a ampq-consume 62287 amqp-consume --url amqp://user:pass@192.168.0.1 --queue=myqueue This is an upstream issue. I've filed a pull request upstream that adds an option --authfile with which authentication data can be read from a file. Best, Christian
