Primary

Context

Apache APISIX Basic Authentication Logging Vulnerability Exposes Plaintext Credentials

Vulnerability

Patched

A vulnerability in Apache APISIX basic authentication logging has been identified, where plaintext usernames and passwords are written to error logs. This occurs when the log level is set to INFO or DEBUG, creating a significant risk of credential compromise through log access. The issue affects Apache APISIX version 1.0.

Impact

Exploitation of this vulnerability leads to unauthorized exposure of plaintext credentials, including usernames and passwords, which could be accessed through the application's log files.

Remediation

Users are advised to upgrade to Apache APISIX version 3.14, which addresses this vulnerability.

Added: Oct 31, 2025, 9:18 AM

Updated: Oct 31, 2025, 2:20 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

7.6

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

7.6

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache APISIX Basic Authentication Logging Vulnerability Exposes Plaintext Credentials

Vulnerability

Impact

Remediation

Affected Products

Apache APISIX

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating