[prev in list] [next in list] [prev in thread] [next in thread]
List: axis-user-ja
Subject: [jira] [Created] (AXIS2-5910) axis2.xml uses weak password , automated penetration tools are complai
From: "robert lazarski (JIRA)" <jira () apache ! org>
Date: 2018-03-14 22:47:00
Message-ID: JIRA.13145202.1521067586000.22050.1521067620269 () Atlassian ! JIRA
[Download RAW message or body]
robert lazarski created AXIS2-5910:
--------------------------------------
Summary: axis2.xml uses weak password , automated penetration tools are \
complaining Key: AXIS2-5910
URL: https://issues.apache.org/jira/browse/AXIS2-5910
Project: Axis2
Issue Type: Bug
Reporter: robert lazarski
The are 48 axis2.xml file in source control it seems, and they all have the same weak \
password in each file.
As penetration tools become ubiquitous, they are all finding the same problem with \
these weak credentials in axis2.xml .
We should consider the Tomcat approach and just comment out the entire username / \
password section, as that doesn't seem to break anything. It doesn't, for example, \
break the happyaxis.jsp .
Next step I suppose would be replacing all 48 files with comments, and running the \
unit tests?
https://svn.apache.org/viewvc/tomcat/trunk/conf/tomcat-users.xml?view=co&revision=1745083&content-type=text%2Fplain
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic