robert lazarski created AXIS2-5910:
--------------------------------------
Summary: axis2.xml uses weak password , automated penetration
tools are complaining
Key: AXIS2-5910
URL: https://issues.apache.org/jira/browse/AXIS2-5910
Project: Axis2
Issue Type: Bug
Reporter: robert lazarski
The are 48 axis2.xml file in source control it seems, and they all have the
same weak password in each file.
As penetration tools become ubiquitous, they are all finding the same problem
with these weak credentials in axis2.xml .
We should consider the Tomcat approach and just comment out the entire username
/ password section, as that doesn't seem to break anything. It doesn't, for
example, break the happyaxis.jsp .
Next step I suppose would be replacing all 48 files with comments, and running
the unit tests?
https://svn.apache.org/viewvc/tomcat/trunk/conf/tomcat-users.xml?view=co&revision=1745083&content-type=text%2Fplain
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
