[jira] [Updated] (KARAF-4202) Password Management: Hardcoded Password
[ https://issues.apache.org/jira/browse/KARAF-4202?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4202: Fix Version/s: (was: 4.0.6) (was: 4.1.0) > Password Management: Hardcoded Password > --- > > Key: KARAF-4202 > URL: https://issues.apache.org/jira/browse/KARAF-4202 > Project: Karaf > Issue Type: Bug >Affects Versions: 4.0.3 >Reporter: Eduardo Aguinaga >Assignee: Jean-Baptiste Onofré > > HP Fortify SCA and SciTools Understand were used to perform an application > security scan on karaf source code. > Analysis: Hardcoded passwords may compromise system security in a way that > cannot be easily remedied. > File: > jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java > Line: 47 > SyncopeLoginModule.java, lines 41-49: > 41 public class SyncopeLoginModule extends AbstractKarafLoginModule { > 42 > 43 private final static Logger LOGGER = > LoggerFactory.getLogger(SyncopeLoginModule.class); > 44 > 45 public final static String ADDRESS = "address"; > 46 public final static String ADMIN_USER = "admin.user"; // for the > backing engine > 47 public final static String ADMIN_PASSWORD = "admin.password"; // for > the backing engine > 48 > 49 private String address; -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (KARAF-4202) Password Management: Hardcoded Password
[ https://issues.apache.org/jira/browse/KARAF-4202?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jean-Baptiste Onofré updated KARAF-4202: Fix Version/s: 4.0.6 4.1.0 > Password Management: Hardcoded Password > --- > > Key: KARAF-4202 > URL: https://issues.apache.org/jira/browse/KARAF-4202 > Project: Karaf > Issue Type: Bug >Affects Versions: 4.0.3 >Reporter: Eduardo Aguinaga > Fix For: 4.1.0, 4.0.6 > > > HP Fortify SCA and SciTools Understand were used to perform an application > security scan on karaf source code. > Analysis: Hardcoded passwords may compromise system security in a way that > cannot be easily remedied. > File: > jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java > Line: 47 > SyncopeLoginModule.java, lines 41-49: > 41 public class SyncopeLoginModule extends AbstractKarafLoginModule { > 42 > 43 private final static Logger LOGGER = > LoggerFactory.getLogger(SyncopeLoginModule.class); > 44 > 45 public final static String ADDRESS = "address"; > 46 public final static String ADMIN_USER = "admin.user"; // for the > backing engine > 47 public final static String ADMIN_PASSWORD = "admin.password"; // for > the backing engine > 48 > 49 private String address; -- This message was sent by Atlassian JIRA (v6.3.4#6332)