[
https://issues.apache.org/jira/browse/AXIS2-5910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
robert lazarski updated AXIS2-5910:
-----------------------------------
Description:
There are 48 axis2.xml files in source control it seems, and they all have the
same weak password in each file.
As penetration tools become ubiquitous, they are all finding the same problem
with these weak credentials in axis2.xml .
We should consider the Tomcat approach and just comment out the entire username
/ password section, as that doesn't seem to break anything. It doesn't, for
example, break the happyaxis.jsp .
Next step I suppose would be replacing all 48 files with comments, and running
the unit tests?
[https://svn.apache.org/viewvc/tomcat/trunk/conf/tomcat-users.xml?view=co&revision=1745083&content-type=text%2Fplain]
was:
The are 48 axis2.xml files in source control it seems, and they all have the
same weak password in each file.
As penetration tools become ubiquitous, they are all finding the same problem
with these weak credentials in axis2.xml .
We should consider the Tomcat approach and just comment out the entire username
/ password section, as that doesn't seem to break anything. It doesn't, for
example, break the happyaxis.jsp .
Next step I suppose would be replacing all 48 files with comments, and running
the unit tests?
[https://svn.apache.org/viewvc/tomcat/trunk/conf/tomcat-users.xml?view=co&revision=1745083&content-type=text%2Fplain]
> axis2.xml uses weak password , automated penetration tools are complaining
> --------------------------------------------------------------------------
>
> Key: AXIS2-5910
> URL: https://issues.apache.org/jira/browse/AXIS2-5910
> Project: Axis2
> Issue Type: Bug
> Reporter: robert lazarski
> Priority: Major
>
> There are 48 axis2.xml files in source control it seems, and they all have
> the same weak password in each file.
> As penetration tools become ubiquitous, they are all finding the same problem
> with these weak credentials in axis2.xml .
> We should consider the Tomcat approach and just comment out the entire
> username / password section, as that doesn't seem to break anything. It
> doesn't, for example, break the happyaxis.jsp .
> Next step I suppose would be replacing all 48 files with comments, and
> running the unit tests?
> [https://svn.apache.org/viewvc/tomcat/trunk/conf/tomcat-users.xml?view=co&revision=1745083&content-type=text%2Fplain]
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
