Eduardo Aguinaga created KARAF-4202:
---------------------------------------

             Summary: Password Management: Hardcoded Password
                 Key: KARAF-4202
                 URL: https://issues.apache.org/jira/browse/KARAF-4202
             Project: Karaf
          Issue Type: Bug
    Affects Versions: 4.0.3
            Reporter: Eduardo Aguinaga

HP Fortify SCA and SciTools Understand were used to perform an application security scan on karaf source code.

Analysis: Hardcoded passwords may compromise system security in a way that cannot be easily remedied.

File: jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
Line: 47

SyncopeLoginModule.java, lines 41-49:

    41 public class SyncopeLoginModule extends AbstractKarafLoginModule {
    42
    43     private final static Logger LOGGER = LoggerFactory.getLogger(SyncopeLoginModule.class);
    44
    45     public final static String ADDRESS = "address";
    46     public final static String ADMIN_USER = "admin.user"; // for the backing engine
    47     public final static String ADMIN_PASSWORD = "admin.password"; // for the backing engine
    48
    49     private String address;

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)