[jira] [Updated] (PLUTO-782) Default "tomcat" and "pluto" users are granted "manager-gui" role

Neil Griffin (Jira) Thu, 16 Dec 2021 08:30:13 -0800


     [ 
https://issues.apache.org/jira/browse/PLUTO-782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Neil Griffin updated PLUTO-782:
-------------------------------
    Fix Version/s: 3.1.1
                       (was: 3.1.2)

> Default "tomcat" and "pluto" users are granted "manager-gui" role
> -----------------------------------------------------------------
>
>                 Key: PLUTO-782
>                 URL: https://issues.apache.org/jira/browse/PLUTO-782
>             Project: Pluto
>          Issue Type: Bug
>    Affects Versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 3.0.0, 3.0.1, 3.1.0
>            Reporter: Louis
>            Assignee: Neil Griffin
>            Priority: Critical
>             Fix For: 3.1.1
>
>
> Hi,
> I just downloaded your software and saw that the passwords used to protect 
> the local tomcat users are very predictable. It would be better to disable 
> those accounts as they basically allow anyone to get command execution on the 
> underlying server.
>  
> People in charge can then add those accounts based on their requirements.
> Regards,
> Louis



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (PLUTO-782) Default "tomcat" and "pluto" users are granted "manager-gui" role

Reply via email to