[ https://issues.apache.org/jira/browse/CLOUDSTACK-9927?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rajani Karuturi updated CLOUDSTACK-9927:
----------------------------------------
Fix Version/s: 4.10.1.0 (was: 4.10.0.0)
> Root admin user should be forced to change password
> ---------------------------------------------------
>
> Key: CLOUDSTACK-9927
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9927
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Management Server
> Reporter: Harikrishna Patnala
> Assignee: Harikrishna Patnala
> Fix For: 4.10.1.0
>
>
> The default password for the root admin in CloudStack is "password". The user
> is not required to change this password.
> Using CloudStack with the default password is the same as using it with no
> password. An attacker could log onto the management UI or API and make
> changes to the system, delete or steal resources, and stop services.
> Mitigation:
> Do not continue in UI until admin has changed his password to something other
> than the default. Also, do not permit the admin to change his password back
> to the default one later.
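The mitigation described in the issue, sketched as an added example (not CloudStack code and not part of the original message): a login that succeeds with the default password only unlocks the password-change action, and a change back to the default is refused. The Account class, function names, action strings and sample passwords are hypothetical, and the gate is applied to every action rather than to the UI alone.

```python
import hashlib
import hmac
import os

DEFAULT_PASSWORD = "password"   # default root admin password named in the issue
ITERATIONS = 100_000            # assumed PBKDF2 work factor for this sketch


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Account:
    """Hypothetical account record holding a salted password hash."""

    def __init__(self, username, password):
        self.username = username
        self.set_password(password)

    def set_password(self, password):
        self.salt = os.urandom(16)
        self.digest = _hash(password, self.salt)

    def verify(self, password):
        return hmac.compare_digest(self.digest, _hash(password, self.salt))

    def must_change_password(self):
        # Hashes are salted, so the default is tested against this account's
        # own salt instead of comparing stored digests.
        return self.verify(DEFAULT_PASSWORD)


def login(account, password):
    """Return 'denied', 'change_required' or 'ok'."""
    if not account.verify(password):
        return "denied"
    return "change_required" if account.must_change_password() else "ok"


def authorize(account, password, action):
    """Allow only the password change while the default is still in place."""
    state = login(account, password)
    if state == "ok":
        return True
    return state == "change_required" and action == "change_password"


def change_password(account, old, new):
    """Refuse the default as a new password, at first login and later."""
    if not account.verify(old) or new == DEFAULT_PASSWORD:
        return False
    account.set_password(new)
    return True
```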