-
Bug
-
Resolution: Fixed
-
Major
-
None
-
None
(Rob pointed this out so I'm making him the reporter - JF)
REST servlets use "mmdb" as the realm. So if you have two mmdb webapps deployed in the same container, REST authentication state spans both apps, which is a potential attack vector.