
List:       axis-user-ja
Subject:    [jira] [Created] (AXIS2-5910) axis2.xml uses weak password , automated penetration tools are complai
From:       "robert lazarski (JIRA)" <jira () apache ! org>
Date:       2018-03-14 22:47:00
Message-ID: JIRA.13145202.1521067586000.22050.1521067620269 () Atlassian ! JIRA

robert lazarski created AXIS2-5910:
--------------------------------------

             Summary: axis2.xml uses weak password , automated penetration tools are complaining
                 Key: AXIS2-5910
                 URL: https://issues.apache.org/jira/browse/AXIS2-5910
             Project: Axis2
          Issue Type: Bug
            Reporter: robert lazarski


There are 48 axis2.xml files in source control it seems, and they all have the same weak password in each file.

As penetration tools become ubiquitous, they are all finding the same problem with these weak credentials in axis2.xml.

We should consider the Tomcat approach and just comment out the entire username / password section, as that doesn't seem to break anything. It doesn't, for example, break the happyaxis.jsp.

Next step I suppose would be replacing all 48 files with comments, and running the unit tests?

https://svn.apache.org/viewvc/tomcat/trunk/conf/tomcat-users.xml?view=co&revision=1745083&content-type=text%2Fplain

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
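
A check for the cleanup proposed in the message above, added here as an example and not part of the original message or the Axis2 project's code: it walks a source checkout and lists every axis2.xml that still carries an active (not commented-out) credential parameter. The parameter names `userName` and `password`, the function names and the sample values are assumptions; the message does not quote them.

```python
import os
import sys
import xml.etree.ElementTree as ET

# Assumption: credentials are stored as <parameter name="userName"> and
# <parameter name="password"> elements; the message itself does not name them.
CREDENTIAL_PARAMS = {"userName", "password"}


def active_credentials(xml_data):
    """Return the credential parameter names that are still active in one file."""
    # ElementTree's default parser discards XML comments, so a commented-out
    # <parameter> never reaches the tree and is not reported.
    root = ET.fromstring(xml_data)
    return sorted({p.get("name") for p in root.iter("parameter")
                   if p.get("name") in CREDENTIAL_PARAMS and (p.text or "").strip()})


def audit_tree(top):
    """Map each axis2.xml under `top` to its active credential parameters."""
    report = {}
    for dirpath, _dirs, files in os.walk(top):
        if "axis2.xml" not in files:
            continue
        path = os.path.join(dirpath, "axis2.xml")
        try:
            with open(path, "rb") as fh:
                hits = active_credentials(fh.read())
        except ET.ParseError:
            hits = ["unparseable"]  # flag for manual review rather than skip
        if hits:
            report[path] = hits
    return report


# Constructed samples with placeholder values (not the shipped defaults).
SAMPLE_ACTIVE = b"""<axisconfig name="AxisJava2.0">
  <parameter name="userName">EXAMPLE_USER</parameter>
  <parameter name="password">EXAMPLE_PASSWORD</parameter>
</axisconfig>"""
SAMPLE_COMMENTED = b"""<axisconfig name="AxisJava2.0">
  <!-- <parameter name="userName">EXAMPLE_USER</parameter>
       <parameter name="password">EXAMPLE_PASSWORD</parameter> -->
</axisconfig>"""

if __name__ == "__main__":
    top = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in sorted(audit_tree(top).items()):
        print(path, ", ".join(hits))
```

An empty report after the edit, together with a passing unit-test run, covers both halves of the proposed next step.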

