axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "robert lazarski (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AXIS2-5910) axis2.xml uses weak password , automated penetration tools are complaining
Date Wed, 14 Mar 2018 22:47:00 GMT
robert lazarski created AXIS2-5910:
--------------------------------------

             Summary: axis2.xml uses weak password , automated penetration tools are complaining
                 Key: AXIS2-5910
                 URL: https://issues.apache.org/jira/browse/AXIS2-5910
             Project: Axis2
          Issue Type: Bug
            Reporter: robert lazarski


The are 48 axis2.xml file in source control it seems, and they all have the same weak password
in each file. 

As penetration tools become ubiquitous, they are all finding the same problem with these
weak credentials in axis2.xml . 

We should consider the Tomcat approach and just comment out the entire username / password
section, as that doesn't seem to break anything. It doesn't, for example, break the happyaxis.jsp
.

Next step I suppose would be replacing all 48 files with comments, and running the unit tests?

https://svn.apache.org/viewvc/tomcat/trunk/conf/tomcat-users.xml?view=co&revision=1745083&content-type=text%2Fplain

 

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message