Uploaded image for project: 'Pluto'
  1. Pluto
  2. PLUTO-782

Default "tomcat" and "pluto" users are granted "manager-gui" role

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 2.0.0, 2.0.1, 2.0.2, 2.0.3, 3.0.0, 3.0.1, 3.1.0
    • 3.1.1
    • None
    • None

    Description

      Hi,

      I just downloaded your software and saw that the passwords used to protect the local tomcat users are very predictable. It would be better to disable those accounts as they basically allow anyone to get command execution on the underlying server.

       

      People in charge can then add those accounts based on their requirements.

      Regards,

      Louis

      Attachments

        Activity

          People

            ngriffin7a Neil Griffin (Inactive)
            snyff Louis
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: