Actually, we implemented some workaround like the possibility to provide the shutdown command.

The random command ID is already generated by Karaf at startup.

I agree with Christian that it's not a huge security issue.

The corresponding Jira is there:

https://issues.apache.org/jira/browse/KARAF-3825

Regards
JB

On 12/02/2015 12:43 PM, Christian Schneider wrote:
Yes... as far as I can tell there is currently no fix.
We could create a random secret at karaf start that then needs to be
sent to the port to improve security.

As the problem is only local, I would also not consider it to be too
critical in most cases.

Christian

On 01.12.2015 at 23:37, Mark R Green wrote:
We had a software team trying to use this but the OSVDB site shows a
security issue with Karaf.
http://osvdb.org/show/osvdb/119812

This does not appear to be fixed in 4.0.3?

Mark


--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
