Harikrishna Patnala created CLOUDSTACK-9927:
-----------------------------------------------
Summary: Root admin user should be forced to change password
Key: CLOUDSTACK-9927
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9927
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Management Server
Reporter: Harikrishna Patnala
Assignee: Harikrishna Patnala
Fix For: 4.10.0.0
The default password for the root admin in CloudStack is "password". The user
is not required to change this password.
Using CloudStack with the default password is the same as using it with no
password. An attacker could log onto the management UI or API and make changes
to the system, delete or steal resources, and stop services.
Mitigation:
Do not continue in UI until admin has changed his password to something other
than the default. Also, do not permit the admin to change his password back to
the default one later.
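
The mitigation described in this issue, sketched as an added example that is not CloudStack code and not part of the original report. The `Account` class, the `authorize` gate, the action names and the PBKDF2 parameters are all hypothetical; the sketch assumes salted password hashes and applies the gate on the server side so that it covers API requests as well as the UI.

```python
import hashlib
import hmac
import os

DEFAULT_PASSWORD = "password"  # the default root admin password named in the issue
ITERATIONS = 100_000           # assumed PBKDF2 work factor for this sketch


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Account:
    """Hypothetical account record holding a salted password hash."""

    def __init__(self, password: str = DEFAULT_PASSWORD):
        self._store(password)

    def _store(self, password: str) -> None:
        self.salt = os.urandom(16)
        self.digest = _hash(password, self.salt)

    def matches(self, password: str) -> bool:
        return hmac.compare_digest(_hash(password, self.salt), self.digest)

    def login(self, password: str) -> str:
        """Return 'denied', 'must_change' or 'ok'."""
        if not self.matches(password):
            return "denied"
        # The stored hash is salted, so test the default against it directly.
        return "must_change" if self.matches(DEFAULT_PASSWORD) else "ok"

    def change_password(self, old: str, new: str) -> None:
        if not self.matches(old):
            raise PermissionError("current password is wrong")
        if new == DEFAULT_PASSWORD:
            raise ValueError("the default password may not be reused")
        self._store(new)


def authorize(login_state: str, action: str) -> bool:
    """Server-side gate: a 'must_change' session may only change its password."""
    if login_state == "ok":
        return True
    return login_state == "must_change" and action == "change_password"
```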