[ 
https://issues.apache.org/jira/browse/AXIS2-5910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

robert lazarski reassigned AXIS2-5910:
--------------------------------------

    Assignee: robert lazarski

> axis2.xml uses weak password , automated penetration tools are complaining
> --------------------------------------------------------------------------
>
>                 Key: AXIS2-5910
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5910
>             Project: Axis2
>          Issue Type: Bug
>            Reporter: robert lazarski
>            Assignee: robert lazarski
>            Priority: Major
>
> There are 48 axis2.xml files in source control it seems, and they all have 
> the same weak password in each file. 
> As penetration tools become ubiquitous, they are all finding the same problem 
> with these weak credentials in axis2.xml . 
> We should consider the Tomcat approach and just comment out the entire 
> username / password section, as that doesn't seem to break anything. It 
> doesn't, for example, break the happyaxis.jsp .
> Next step I suppose would be replacing all 48 files with comments, and 
> running the unit tests?
> [https://svn.apache.org/viewvc/tomcat/trunk/conf/tomcat-users.xml?view=co&revision=1745083&content-type=text%2Fplain]
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

Reply via email to