Eduardo Aguinaga created KARAF-4202:
---------------------------------------
Summary: Password Management: Hardcoded Password
Key: KARAF-4202
URL: https://issues.apache.org/jira/browse/KARAF-4202
Project: Karaf
Issue Type: Bug
Affects Versions: 4.0.3
Reporter: Eduardo Aguinaga
HP Fortify SCA and SciTools Understand were used to perform an application
security scan on Karaf source code.
Analysis: Hardcoded passwords may compromise system security in a way that
cannot be easily remedied.
File: jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
Line: 47
SyncopeLoginModule.java, lines 41-49:
41 public class SyncopeLoginModule extends AbstractKarafLoginModule {
42
43     private final static Logger LOGGER = LoggerFactory.getLogger(SyncopeLoginModule.class);
44
45     public final static String ADDRESS = "address";
46     public final static String ADMIN_USER = "admin.user"; // for the backing engine
47     public final static String ADMIN_PASSWORD = "admin.password"; // for the backing engine
48
49     private String address;