harikrishna-patnala opened a new pull request #2125: CLOUDSTACK-9927: Root admin user should be forced to change password?
URL: https://github.com/apache/cloudstack/pull/2125
 
 
   The default password for the root admin in CloudStack is "password". The 
user is not required to change this password.
   
   Using CloudStack with the default password is the same as using it with no 
password. An attacker could log onto the management UI or API and make changes 
to the system, delete or steal resources, and stop services.
   
   This fix should not allow the admin to continue in the UI until the password is changed 
to something other than the default. Also, do not permit the admin to change 
his password back to the default one later. 
   Also fixed the issue where the password check now runs only for root admin 
users and not others.
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services
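
The rule described in the pull request, sketched as an added Python example (not code from the pull request or from CloudStack). The role label, the user record layout and the PBKDF2 hashing scheme are assumptions made for illustration; the point is that the default-password check has to re-derive the default with each account's own salt and applies to root admins only.

```python
import hashlib
import hmac
import os

DEFAULT_PASSWORD = "password"  # the default named in the PR description
ROOT_ADMIN = "ROOT_ADMIN"      # assumed role label, not CloudStack's constant
ITERATIONS = 50_000            # assumed PBKDF2 work factor


def hash_password(password, salt):
    """Derive a salted hash (assumed scheme: PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(role, password):
    """Build a constructed user record for the example."""
    salt = os.urandom(16)
    return {"role": role, "salt": salt, "hash": hash_password(password, salt)}


def is_default(user):
    # Stored hashes are salted, so re-derive the default with this account's
    # salt and compare in constant time.
    candidate = hash_password(DEFAULT_PASSWORD, user["salt"])
    return hmac.compare_digest(user["hash"], candidate)


def must_change_password(user):
    """True when a root admin still has the default password.

    The UI would block on this until the password is changed; the check
    is skipped for every other role.
    """
    return user["role"] == ROOT_ADMIN and is_default(user)


def change_password(user, new_password):
    """Apply a password change, refusing a root admin's return to the default."""
    if user["role"] == ROOT_ADMIN and new_password == DEFAULT_PASSWORD:
        raise ValueError("root admin may not use the default password")
    salt = os.urandom(16)
    user["salt"], user["hash"] = salt, hash_password(new_password, salt)
```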
