[
https://issues.apache.org/jira/browse/AXIS2-5910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
robert lazarski reassigned AXIS2-5910:
--------------------------------------
Assignee: robert lazarski
> axis2.xml uses weak password , automated penetration tools are complaining
> --------------------------------------------------------------------------
>
> Key: AXIS2-5910
> URL: https://issues.apache.org/jira/browse/AXIS2-5910
> Project: Axis2
> Issue Type: Bug
> Reporter: robert lazarski
> Assignee: robert lazarski
> Priority: Major
>
> There are 48 axis2.xml files in source control it seems, and they all have
> the same weak password in each file.
> As penetration tools become ubiquitous, they are all finding the same problem
> with these weak credentials in axis2.xml .
> We should consider the Tomcat approach and just comment out the entire
> username / password section, as that doesn't seem to break anything. It
> doesn't, for example, break the happyaxis.jsp .
> Next step I suppose would be replacing all 48 files with comments, and
> running the unit tests?
> [https://svn.apache.org/viewvc/tomcat/trunk/conf/tomcat-users.xml?view=co&revision=1745083&content-type=text%2Fplain]
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
