Finding sensitive data in a heap dump

The program below proves that a cardholder PAN held in a String sits in the clear in a heap dump…

public class memSecurity {
  public static void main(String[] args) throws Exception {
    // the PAN lives in an immutable String: nothing can overwrite it,
    // it stays on the heap until the GC reclaims it
    String c = "1234567887654321";
    // keep the process alive for three minutes so the heap can be dumped
    Thread.sleep(180000);
  }
}

Compile and run the program above; while it sleeps, trigger a heap dump with jmap, then fire up jhat pointing at the freshly created dump, search it, and you have your card number…
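Opening the dump in jhat is one way to confirm the leak; a scan of the raw hprof file is quicker and can be scripted into a release check ("does a dump of this service contain anything that looks like a card number?"). The scanner below is an added example, not code from the original post. The class name and the `--all` flag are my own; it assumes the dump was written in hprof binary format (jmap's `-dump:format=b,file=...`), where a String's characters appear as raw bytes: Latin-1 `byte[]` for compact strings (Java 9 and later) or big-endian UTF-16 `char[]` on Java 8. It reports runs of 13 to 19 ASCII digits that pass the Luhn check and prints them masked, so the report is not itself another copy of the PAN. Note that the post's test value `1234567887654321` does not pass Luhn (its checksum is 72), so for that dump run with `--all`, which reports every digit run in range.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;

// Added example, not part of the original post: scan a raw heap dump (or any
// binary file) for digit runs that look like a PAN, so a dump can be checked
// for leaked card numbers without loading it into jhat.
public class PanDumpScanner {

    // Luhn checksum over a run of ASCII digits (rightmost digit is the check digit).
    static boolean luhnValid(String digits) {
        int sum = 0;
        boolean doubleIt = false;
        for (int i = digits.length() - 1; i >= 0; i--) {
            int d = digits.charAt(i) - '0';
            if (doubleIt) {
                d *= 2;
                if (d > 9) d -= 9;
            }
            sum += d;
            doubleIt = !doubleIt;
        }
        return sum % 10 == 0;
    }

    // Keep the first six and last four digits; the full number is never printed.
    static String mask(String pan) {
        char[] out = pan.toCharArray();
        for (int i = 6; i < out.length - 4; i++) out[i] = '*';
        return new String(out);
    }

    // One pass over the file. stride 1 = Latin-1 / compact strings; stride 2 =
    // UTF-16, where the byte at (i + partner) must be 0x00 for a real digit.
    static void scan(byte[] data, int start, int stride, int partner,
                     boolean requireLuhn, List<String> hits) {
        StringBuilder run = new StringBuilder();
        int runStart = -1;
        for (int i = start; i < data.length; i += stride) {
            boolean digit = data[i] >= '0' && data[i] <= '9'
                    && (partner == 0 || (i + partner >= 0 && i + partner < data.length
                                         && data[i + partner] == 0));
            if (digit) {
                if (runStart < 0) runStart = i;
                run.append((char) data[i]);
            } else {
                record(run, runStart, stride, requireLuhn, hits);
                run.setLength(0);
                runStart = -1;
            }
        }
        record(run, runStart, stride, requireLuhn, hits);   // flush a run that ends at EOF
    }

    // Report a finished run if its length is plausible for a PAN (13-19 digits).
    static void record(StringBuilder run, int runStart, int stride,
                       boolean requireLuhn, List<String> hits) {
        int len = run.length();
        if (len < 13 || len > 19) return;
        String digits = run.toString();
        if (requireLuhn && !luhnValid(digits)) return;
        hits.add(String.format("offset %d (%s): %s", runStart,
                stride == 1 ? "latin1/compact" : "utf16", mask(digits)));
    }

    // Three passes cover compact strings, UTF-16LE and UTF-16BE (hprof char[] layout).
    static List<String> findPanCandidates(byte[] data, boolean requireLuhn) {
        List<String> hits = new ArrayList<>();
        scan(data, 0, 1, 0, requireLuhn, hits);
        scan(data, 0, 2, 1, requireLuhn, hits);
        scan(data, 1, 2, -1, requireLuhn, hits);
        return hits;
    }

    public static void main(String[] args) throws IOException {
        if (args.length == 0) {
            System.err.println("usage: java PanDumpScanner <heap.hprof> [--all]");
            System.exit(2);
        }
        boolean requireLuhn = !(args.length > 1 && args[1].equals("--all"));
        byte[] data = Files.readAllBytes(Paths.get(args[0]));   // fine for a small test dump
        List<String> hits = findPanCandidates(data, requireLuhn);
        System.out.println(hits.size() + " candidate digit run(s)"
                + (requireLuhn ? " passing Luhn" : ""));
        for (String h : hits) System.out.println(h);
    }
}
```

`Files.readAllBytes` is enough for the dump of the toy program above; for a multi-gigabyte production dump, stream the file through the same `scan` logic instead. Expect some false positives on any real dump (timestamps, IDs and other long digit runs can pass Luhn by chance), which is why the offset is printed: follow it up in jhat or a hex viewer before raising an alarm.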

…and…
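The usual mitigation is to never let the PAN become a String in the first place: hold it in a `char[]`, do the work that needs it, and overwrite the array in a `finally` block. The class below is an added example of that hardened form, not code from the original post; the class name and `maskForDisplay` are my own, and the digits are the same constructed sample value the post uses, written as a char array literal so that javac does not put a String constant in the class file.

```java
import java.util.Arrays;

// Added example, not part of the original post: the same test program with the
// PAN held in a char[] that is wiped as soon as it is no longer needed, instead
// of in an immutable String that stays on the heap until the GC reclaims it.
public class MemSecurityHardened {

    // Build the only form that is safe to keep or log: first six digits, last
    // four, asterisks in between. Works on the char[] directly, so no String
    // copy of the full PAN is ever created.
    static String maskForDisplay(char[] pan) {
        char[] out = pan.clone();
        for (int i = 6; i < out.length - 4; i++) out[i] = '*';
        return new String(out);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample, same digits as the post's test value. Real code
        // would read the digits from the input source straight into the array
        // (for example Reader.read(char[])) rather than through a String.
        char[] pan = {'1','2','3','4','5','6','7','8','8','7','6','5','4','3','2','1'};
        String display;
        try {
            display = maskForDisplay(pan);   // the work that actually needs the PAN
        } finally {
            Arrays.fill(pan, '\0');          // wipe on every exit path, exceptions included
        }
        System.out.println("card " + display);
        // Dump the heap now, as in the post: this array holds only NUL characters.
        Thread.sleep(180000);
    }
}
```

Two caveats keep this honest. First, the wipe only covers copies you control: `new String(pan)`, string concatenation, `String.valueOf`, or passing the array to a library that converts it internally (many logging and JDBC code paths do) creates an immutable copy you cannot clear, so audit every call that receives the array. Second, HotSpot's copying collectors move live objects, so a stale image of the array can survive in an evacuated region until that memory is reused; wiping shrinks the window in which a dump taken at the wrong moment contains the PAN, it does not reduce it to zero.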
