axis-java-dev mailing list archives

From "robert lazarski (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (AXIS2-5910) axis2.xml uses weak password , automated penetration tools are complaining
Date Wed, 14 Mar 2018 23:11:00 GMT

     [ https://issues.apache.org/jira/browse/AXIS2-5910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

robert lazarski reassigned AXIS2-5910:
--------------------------------------

    Assignee: robert lazarski

> axis2.xml uses weak password , automated penetration tools are complaining
> --------------------------------------------------------------------------
>
>                 Key: AXIS2-5910
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5910
>             Project: Axis2
>          Issue Type: Bug
>            Reporter: robert lazarski
>            Assignee: robert lazarski
>            Priority: Major
>
> There are 48 axis2.xml files in source control it seems, and they all have the same weak password in each file.
> As penetration tools become ubiquitous, they are all finding the same problem with these weak credentials in axis2.xml.
> We should consider the Tomcat approach and just comment out the entire username / password section, as that doesn't seem to break anything. It doesn't, for example, break the happyaxis.jsp.
> Next step I suppose would be replacing all 48 files with comments, and running the unit tests?
> [https://svn.apache.org/viewvc/tomcat/trunk/conf/tomcat-users.xml?view=co&revision=1745083&content-type=text%2Fplain]
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
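
One way to verify the change proposed in the issue, as an added example that is not part of the original message or of the Axis2 code base: walk a source tree and report every axis2.xml that still has an uncommented credential parameter. The parameter names `userName` and `password` and the sample file contents are assumptions made for this sketch.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Assumed names of the credential parameters in axis2.xml.
CREDENTIAL_PARAMS = {"userName", "password"}

def active_credentials(xml_text):
    """Return sorted names of credential parameters that are NOT commented out."""
    # ElementTree drops XML comments, so a commented-out <parameter> is ignored.
    root = ET.fromstring(xml_text)
    found = {p.get("name") for p in root.iter("parameter")
             if p.get("name") in CREDENTIAL_PARAMS and (p.text or "").strip()}
    return sorted(found)

def scan_tree(top):
    """Map each axis2.xml path under `top` to its active credential parameters."""
    report = {}
    for dirpath, _dirs, files in os.walk(top):
        if "axis2.xml" in files:
            path = os.path.join(dirpath, "axis2.xml")
            try:
                with open(path, encoding="utf-8") as fh:
                    names = active_credentials(fh.read())
            except (ET.ParseError, UnicodeDecodeError) as exc:
                names = ["UNPARSEABLE: %s" % exc]  # flag for manual review
            if names:
                report[path] = names
    return report

# Constructed samples with placeholder values, not the real file contents.
ACTIVE = """<axisconfig name="constructed-sample">
  <parameter name="userName">example-user</parameter>
  <parameter name="password">example-pass</parameter>
</axisconfig>"""
COMMENTED = """<axisconfig name="constructed-sample">
  <!--
  <parameter name="userName">example-user</parameter>
  <parameter name="password">example-pass</parameter>
  -->
</axisconfig>"""

def demo():
    """Write both samples to a temp tree and return {relative path: findings}."""
    with tempfile.TemporaryDirectory() as top:
        for sub, body in (("a", ACTIVE), ("b", COMMENTED)):
            os.makedirs(os.path.join(top, sub))
            with open(os.path.join(top, sub, "axis2.xml"), "w", encoding="utf-8") as fh:
                fh.write(body)
        return {os.path.relpath(p, top): n for p, n in scan_tree(top).items()}
```

Run against a checkout, `scan_tree(".")` returning an empty dict means no axis2.xml in the tree carries active credentials; files that fail to parse are listed rather than silently skipped.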

