Yes.. as far as I can tell there is currently no fix.We could create a random secret at karaf start that then needs to be sent to the port to improve security.
As the problem is only locally I would also not consider it to be too critical in most cases.
Christian Am 01.12.2015 um 23:37 schrieb Mark R Green:
We had a software team trying to use this but the OSVDB site shows a security issue with Karaf. http://osvdb.org/show/osvdb/119812 This does not appear to be fixed in 4.0.3? Mark
