There was a leak of the Subject, but not the authentication info. See the patch announcement for the fix and more info:http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3836700#3836700